
TL;DR
This paper analyzes the adversarial robustness of neural tangent kernel (NTK) neural networks in nonparametric regression, establishing optimal rates and showing vulnerability in the overfitting regime.
Contribution
It provides the first theoretical analysis of NTK neural networks' adversarial robustness, including minimax optimal rates and vulnerability insights.
Findings
NTK neural networks can achieve minimax optimal adversarial regression rates.
Overfitting NTK models are vulnerable to adversarial perturbations.
Early stopping helps NTK networks attain optimal robustness.
Abstract
Deep learning models are widely deployed in safety-critical domains, but remain vulnerable to adversarial attacks. In this paper, we study the adversarial robustness of NTK neural networks in the context of nonparametric regression. We establish minimax optimal rates for adversarial regression in Sobolev spaces and then show that NTK neural networks, trained via gradient flow with early stopping, can achieve this optimal rate. However, in the overfitting regime, we prove that the minimum norm interpolant is vulnerable to adversarial perturbations.
