Adversarial training is a common technique for learning robust classifiers. Prior work showed that convex surrogate losses are not statistically consistent in the adversarial context -- or in other words, a minimizing sequence of the adversarial surrogate risk will not necessarily minimize the adversarial classification error. We connect the consistency of adversarial surrogate losses to properties of minimizers to the adversarial classification risk, known as \emph{adversarial Bayes classifiers}. Specifically, under reasonable distributional assumptions, a convex loss is statistically consistent for adversarial learning iff the adversarial Bayes classifier satisfies a certain notion of uniqueness.

翻译：对抗训练是学习鲁棒分类器的常用技术。先前研究表明，凸替代损失在对抗环境下不具备统计一致性——换言之，对抗替代风险的最小化序列不一定会最小化对抗分类误差。我们将对抗替代损失的一致性与对抗分类风险的最小化器（即对抗贝叶斯分类器）的性质联系起来。具体而言，在合理的分布假设下，凸损失函数在对抗学习中具有统计一致性当且仅当对抗贝叶斯分类器满足某种唯一性条件。