Lower Bounds on Adversarial Robustness for Multiclass Classification with General Loss Functions

We consider adversarially robust classification in a multiclass setting under arbitrary loss functions and derive dual and barycentric reformulations of the corresponding learner-agnostic robust risk minimization problem. We provide explicit characterizations for important cases such as the cross-entropy loss, loss functions with a power form, and the quadratic loss, extending in this way available results for the 0-1 loss. These reformulations enable efficient computation of sharp lower bounds for adversarial risks and facilitate the design of robust classifiers beyond the 0-1 loss setting. Our paper uncovers interesting connections between adversarial robustness, $α$-fair packing problems, and generalized barycenter problems for arbitrary positive measures where Kullback-Leibler and Tsallis entropies are used as penalties. Our theoretical results are accompanied with illustrative numerical experiments where we obtain tighter lower bounds for adversarial risks with the cross-entropy loss function.

Key Contributions

Dual and barycentric reformulations of the learner-agnostic robust risk minimization problem under arbitrary loss functions
Explicit lower bound characterizations for cross-entropy loss, power-form losses, and quadratic loss, extending prior results from the 0-1 loss
Connections between adversarial robustness, α-fair packing problems, and generalized barycenter problems with KL and Tsallis entropy penalties

🛡️ Threat Analysis

Input Manipulation Attack

The paper directly addresses adversarial robustness — the core topic of ML01 — by analyzing the fundamental limits of adversarially robust classification under general loss functions and adversarial budgets modeled via optimal transport costs.

Details

Domains

vision

Model Types

traditional_ml

Threat Tags

inference_timewhite_boxuntargeted

Applications

2026 0 cit.

Input Manipulation Attack

73%