Adversarial Robustness of NTK Neural Networks
Provides theoretical guarantees for adversarial robustness of NTK networks in nonparametric regression, relevant to safety-critical ML applications.
The paper establishes minimax optimal rates for adversarial regression in Sobolev spaces and shows that NTK neural networks trained with early stopping achieve these rates, while overfitting leads to vulnerability.
Deep learning models are widely deployed in safety-critical domains, but remain vulnerable to adversarial attacks. In this paper, we study the adversarial robustness of NTK neural networks in the context of nonparametric regression. We establish minimax optimal rates for adversarial regression in Sobolev spaces and then show that NTK neural networks, trained via gradient flow with early stopping, can achieve this optimal rate. However, in the overfitting regime, we prove that the minimum norm interpolant is vulnerable to adversarial perturbations.