Robustness to adversarial attacks is a vital property for classifiers in applications such as autonomous driving and medical diagnosis. In such scenarios, where the cost of misclassification is very high, knowing when to abstain from prediction also becomes crucial. A natural question is: which surrogates can be used to ensure learning when the input points are adversarially perturbed and the classifier can abstain from prediction? This paper aims to characterize and design surrogates calibrated in the "Adversarial Robust Reject Option" setting. First, we propose an adversarial robust reject option loss $\ell_{d}^{\gamma}$ and analyze it for the hypothesis set of linear classifiers ($\mathcal{H}_{\textrm{lin}}$). Next, we provide a complete characterization result for any surrogate to be $(\ell_{d}^{\gamma},\mathcal{H}_{\textrm{lin}})$-calibrated. To demonstrate the difficulty of designing surrogates for $\ell_{d}^{\gamma}$, we show negative calibration results for convex surrogates and for the quasi-concave conditional risk case (both of which gave positive calibration in the adversarial setting without a reject option). We also argue empirically that the Shifted Double Ramp Loss (DRL) and the Shifted Double Sigmoid Loss (DSL) satisfy the calibration conditions. Finally, we demonstrate the robustness of shifted DRL and shifted DSL against adversarial perturbations on a synthetically generated dataset.