Although deep neural networks have achieved super-human performance on many classification tasks, they often exhibit a worrying lack of robustness towards adversarially generated examples. Thus, considerable effort has been invested into reformulating Empirical Risk Minimization (ERM) into an adversarially robust framework. Recently, attention has shifted towards approaches which interpolate between the robustness offered by adversarial training and the higher clean accuracy and faster training times of ERM. In this paper, we take a fresh and geometric view on one such method -- Probabilistically Robust Learning (PRL) (Robey et al., ICML, 2022). We propose a geometric framework for understanding PRL, which allows us to identify a subtle flaw in its original formulation and to introduce a family of probabilistic nonlocal perimeter functionals to address this. We prove existence of solutions using novel relaxation methods and study properties as well as local limits of the introduced perimeters.

翻译：尽管深度神经网络在许多分类任务上已超越人类表现，但它们在面对对抗性生成样本时往往表现出令人担忧的鲁棒性不足。因此，大量研究致力于将经验风险最小化（ERM）重新表述为对抗鲁棒框架。近年来，研究重点转向了那些在对抗训练提供的鲁棒性与ERM更高的干净准确率和更快的训练时间之间进行折中的方法。本文以全新的几何视角审视其中一种方法——概率鲁棒学习（PRL）（Robey 等人，ICML，2022）。我们提出一个用于理解PRL的几何框架，该框架使我们能够识别其原始公式中的一个细微缺陷，并引入一族概率非局部周长泛函来解决这一问题。我们利用新颖的松弛方法证明了解的存在性，并研究了引入的周长泛函的性质及其局部极限。