Although deep neural networks have achieved super-human performance on many classification tasks, they often exhibit a worrying lack of robustness towards adversarially generated examples. Thus, considerable effort has been invested into reformulating standard Risk Minimization (RM) into an adversarially robust framework. Recently, attention has shifted towards approaches which interpolate between the robustness offered by adversarial training and the higher clean accuracy and faster training times of RM. In this paper, we take a fresh and geometric view on one such method -- Probabilistically Robust Learning (PRL). We propose a mathematical framework for understanding PRL, which allows us to identify geometric pathologies in its original formulation and to introduce a family of probabilistic nonlocal perimeter functionals to rectify them. We prove existence of solutions to the original and modified problems using novel relaxation methods and also study properties, as well as local limits, of the introduced perimeters. We also clarify, through a suitable $\Gamma$-convergence analysis, the way in which the original and modified PRL models interpolate between risk minimization and adversarial training.