On damage of interpolation to adversarial robustness in regression

TL;DR

This paper investigates how interpolating estimators in nonparametric regression are inherently vulnerable to adversarial attacks, showing that perfect fitting can significantly harm robustness, especially in high interpolation regimes.

Contribution

It reveals that interpolation can lead to suboptimal adversarial robustness in regression, highlighting the 'curse of simple size' phenomenon and providing theoretical and empirical insights.

Findings

Interpolating estimators are suboptimal under future adversarial attacks.

Perfect fitting can significantly reduce robustness.

High interpolation regimes exhibit the 'curse of simple size' phenomenon.

Abstract

Deep neural networks (DNNs) typically involve a large number of parameters and are trained to achieve zero or near-zero training error. Despite such interpolation, they often exhibit strong generalization performance on unseen data, a phenomenon that has motivated extensive theoretical investigations. Comforting results show that interpolation indeed may not affect the minimax rate of convergence under the squared error loss. In the mean time, DNNs are well known to be highly vulnerable to adversarial perturbations in future inputs. A natural question then arises: Can interpolation also escape from suboptimal performance under a future $X$-attack? In this paper, we investigate the adversarial robustness of interpolating estimators in a framework of nonparametric regression. A finding is that interpolating estimators must be suboptimal even under a subtle future $X$-attack, and achieving perfect fitting can substantially damage their robustness. An interesting phenomenon in the high interpolation regime, which we term the curse of simple size, is also revealed and discussed. Numerical experiments support our theoretical findings.