The reliability of a learning model is key to the successful deployment of machine learning in various applications. Creating a robust model, particularly one unaffected by adversarial attacks, requires a comprehensive understanding of the adversarial examples phenomenon. However, the phenomenon is difficult to describe because of the complicated nature of the problems in machine learning. It has been shown that adversarial training can improve the robustness of the hypothesis; this improvement, however, comes at the cost of decreased performance on natural samples. Hence, it has been suggested that the robustness and accuracy of a hypothesis are at odds with each other. In this paper, we put forth the alternative proposal that it is the continuity of a hypothesis that is incompatible with its robustness and accuracy. In other words, a continuous function cannot effectively learn the optimal robust hypothesis. To this end, we introduce a framework for a rigorous study of harmonic and holomorphic hypotheses in learning-theory terms and provide empirical evidence that continuous hypotheses do not perform as well as discontinuous hypotheses in some common machine learning tasks. From a practical point of view, our results suggest that a robust and accurate learning rule would train different continuous hypotheses for different regions of the domain. From a theoretical perspective, our analysis explains the adversarial examples phenomenon as a conflict between the continuity of a sequence of functions and its uniform convergence to a discontinuous function.
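As an added one-dimensional illustration (not code from the paper), the conflict described above can be measured directly: assume the optimal robust hypothesis is the discontinuous step sign(x) and the learner can only output the continuous family h_k(x) = tanh(kx). Increasing k drives the error to zero away from the jump but never uniformly, while the input distance needed to swing the output by a full class margin shrinks with k; training one constant hypothesis per region removes the conflict. The target, the tanh family, the sample grid and the k values are all constructed for this example.

```python
import math

def target(x):
    """Discontinuous optimal hypothesis assumed for this illustration: a step at x = 0."""
    return 1.0 if x > 0 else -1.0

def smooth_hypothesis(k):
    """Continuous approximation h_k(x) = tanh(k x); larger k hugs the step more tightly."""
    return lambda x: math.tanh(k * x)

def grid(n=2001):
    """Evenly spaced sample points on [-1, 1] (constructed input; step 0.001 for n = 2001)."""
    return [-1.0 + 2.0 * i / (n - 1) for i in range(n)]

def sup_error(h, xs):
    """sup |h - target| over the grid, excluding the jump point itself (uniform-convergence gap)."""
    return max(abs(h(x) - target(x)) for x in xs if x != 0.0)

def error_outside_band(h, xs, eta):
    """sup |h - target| restricted to |x| >= eta: convergence away from the discontinuity."""
    return max(abs(h(x) - target(x)) for x in xs if abs(x) >= eta)

def robustness_radius(h, xs, jump=1.0):
    """Smallest distance between two grid points whose outputs differ by at least `jump`.
    A small radius means a tiny input perturbation swings the output by a whole class margin."""
    best = math.inf
    for i, a in enumerate(xs):
        ha = h(a)
        for j in range(i + 1, len(xs)):
            b = xs[j]
            if b - a >= best:
                break  # no pair starting at a can beat the current best
            if abs(h(b) - ha) >= jump:
                best = b - a
                break
    return best

def tradeoff(ks=(5, 20, 100), eta=0.05):
    """For each steepness k: (k, sup error, error away from the jump, robustness radius)."""
    xs = grid()
    return [(k, sup_error(h, xs), error_outside_band(h, xs, eta), robustness_radius(h, xs))
            for k in ks for h in (smooth_hypothesis(k),)]

def per_region():
    """Alternative from the abstract: a separate continuous hypothesis per region.
    Each region's hypothesis is constant here, so error is 0 and the radius is infinite."""
    xs = grid()
    regions = (("x<0", lambda x: x < 0, lambda x: -1.0), ("x>0", lambda x: x > 0, lambda x: 1.0))
    return {name: (max(abs(h(x) - target(x)) for x in xs if inside(x)),
                   robustness_radius(h, [x for x in xs if inside(x)]))
            for name, inside, h in regions}

if __name__ == "__main__":
    for k, sup, away, radius in tradeoff():
        print(f"k={k:4d}  sup|h-h*|={sup:.3f}  error(|x|>=0.05)={away:.2e}  radius={radius:.3f}")
    print(per_region())
```

The sup error stays near 1 for every k (no uniform convergence), the error away from the jump falls to about 1e-4 at k = 100, and the robustness radius drops from 0.22 to 0.012 over the same range.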