Adversarial Robustness of NTK Neural Networks

arXiv cs.LG / April 30, 2026


Key Points

  • The paper analyzes how NTK (Neural Tangent Kernel) neural networks behave against adversarial attacks when used for nonparametric regression.
  • It derives minimax-optimal convergence rates for adversarial regression over Sobolev function spaces.
  • It shows that NTK neural networks trained with gradient flow and early stopping can achieve these optimal adversarial robustness rates.
  • In the overfitting (interpolation) regime, it proves that the minimum-norm interpolating solution can be significantly vulnerable to adversarial perturbations.

Abstract

Deep learning models are widely deployed in safety-critical domains, but remain vulnerable to adversarial attacks. In this paper, we study the adversarial robustness of NTK neural networks in the context of nonparametric regression. We establish minimax optimal rates for adversarial regression in Sobolev spaces and then show that NTK neural networks, trained via gradient flow with early stopping, can achieve this optimal rate. However, in the overfitting regime, we prove that the minimum-norm interpolant is vulnerable to adversarial perturbations.
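The contrast between the two training regimes can be illustrated with a minimal sketch. This is not the paper's construction: a Gaussian kernel stands in for the NTK, a Richardson-type iteration stands in for gradient flow, and all names (`kernel`, `predict`, `gamma`, the step count) are illustrative choices. The sketch fits the same noisy 1-D data two ways, by early-stopped kernel gradient descent and by the minimum-norm (pseudoinverse) interpolant, then probes how sharply each predictor reacts to a small input perturbation.

```python
# Illustrative sketch (assumed setup, not the paper's method): early-stopped
# kernel regression vs. the minimum-norm interpolant on noisy 1-D data.
import numpy as np

rng = np.random.default_rng(0)
n = 40
X = np.sort(rng.uniform(-1, 1, n))
y = np.sin(2 * np.pi * X) + 0.3 * rng.normal(size=n)  # noisy targets

def kernel(a, b, gamma=50.0):
    # Gaussian kernel as a stand-in for the NTK.
    return np.exp(-gamma * (a[:, None] - b[None, :]) ** 2)

K = kernel(X, X)

# Early-stopped Richardson iteration, a discrete proxy for kernel gradient
# flow: alpha_{t+1} = alpha_t + eta * (y - K alpha_t). Stopping after a
# fixed number of steps acts as implicit regularization.
alpha_es = np.zeros(n)
eta = 1.0 / np.linalg.eigvalsh(K).max()
for _ in range(50):
    alpha_es += eta * (y - K @ alpha_es)

# Minimum-norm least-squares solution alpha = K^+ y, which (nearly)
# interpolates the noisy labels.
alpha_interp = np.linalg.pinv(K) @ y

def predict(alpha, x):
    return kernel(np.atleast_1d(x), X) @ alpha

# Local sensitivity of each predictor to a small input perturbation delta,
# a crude finite-difference proxy for adversarial vulnerability.
x0, delta = 0.3, 1e-3
for name, a in [("early stopping", alpha_es), ("interpolation", alpha_interp)]:
    sens = abs(predict(a, x0 + delta)[0] - predict(a, x0)[0]) / delta
    print(f"{name}: local sensitivity ~ {sens:.2f}")
```

In this toy setting the interpolant drives the training residual to (numerically) zero, fitting the noise, while the early-stopped solution keeps a nonzero residual; the printed sensitivities give a rough feel for how interpolating noisy labels can inflate the predictor's local Lipschitz behavior, the mechanism behind the vulnerability result.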