Adversarial training and data augmentation with noise are widely adopted techniques to enhance the performance of neural networks. This paper investigates adversarial training and data augmentation with noise in the context of regularized regression in a reproducing kernel Hilbert space (RKHS). We establish the limiting formula for these techniques as the attack and noise size, as well as the regularization parameter, tend to zero. Based on this limiting formula, we analyze specific scenarios and demonstrate that, without appropriate regularization, these two methods may have larger generalization error and Lipschitz constant than standard kernel regression. However, by selecting the appropriate regularization parameter, these two methods can outperform standard kernel regression and achieve smaller generalization error and Lipschitz constant. These findings support the empirical observations that adversarial training can lead to overfitting, and appropriate regularization methods, such as early stopping, can alleviate this issue.