arXiv

Sensitivity as a Double-Edged Sword: A Trade-off Between Discriminability and Adversarial Robustness

Title: The Dual Nature of Sensitivity: Navigating the Trade-off Between Discriminability and Adversarial Robustness

Abstract:

Current neural networks exhibit a pronounced vulnerability to adversarial perturbations. This study reveals that a significant portion of this susceptibility arises from the high sensitivity of conventional fully connected (FC) classifiers to such disturbances. In comparison, classifiers relying on simple $\ell_2$ distance demonstrate substantially higher resilience. Through comprehensive theoretical and empirical investigation, we establish that while the heightened sensitivity of FC classifiers enhances their discriminative capabilities, it simultaneously exposes them to attacks. Conversely, the robustness afforded by $\ell_2$-classifiers comes at the cost of reduced performance.

To address this inherent trade-off, we introduce a novel $\ell_2$-reclassifier grounded in a Hybrid Prototype Mixing (HPM) framework. This approach successfully merges the discriminative strength of FC classifiers with the robustness characteristics of $\ell_2$ distance. It generates predictions based on $\ell_2$ distance by integrating two distinct types of prototypes: (1) static, dataset-level prototypes that are updated using Exponential Moving Average (EMA), and (2) dynamic, batch-level prototypes derived from the FC classifier’s outputs via a Straight-Through Estimator (STE).

Nevertheless, this dynamic architecture, which relies on the STE, presents considerable evaluation hurdles, including issues with gradient obfuscation and forward discontinuity. To overcome these obstacles, we devise a stringent evaluation protocol known as the Mixed Surrogate Attack (MSA). This protocol employs multiple surrogate models alongside the robust AutoAttack method to guarantee a fair and reliable assessment. Extensive experimental results confirm that our lightweight, plug-and-play module, requiring only minimal fine-tuning, significantly improves the adversarial robustness of various state-of-the-art adversarially trained models.
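The forward pass of an $\ell_2$-reclassifier of the kind the abstract describes, as an added sketch that is not the authors' code. The abstract gives no formulas, so the hard-argmax batch assignment, the fallback for empty classes, the mixing weight `alpha`, the EMA `momentum` and all sample values are assumptions made here.

```python
import math

def l2(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def mean(vectors):
    return [sum(col) / len(vectors) for col in zip(*vectors)]

def fc_predict(f, W, b):
    # Fully connected head: argmax of W f + b.
    logits = [sum(w * x for w, x in zip(row, f)) + bias for row, bias in zip(W, b)]
    return max(range(len(logits)), key=logits.__getitem__)

def ema_update(static, feats, labels, momentum=0.9):
    # Static, dataset-level prototypes: EMA of each class's mean feature in the batch.
    out = [p[:] for p in static]
    for c in range(len(static)):
        members = [f for f, y in zip(feats, labels) if y == c]
        if members:  # a class absent from the batch keeps its old prototype
            out[c] = [momentum * p + (1 - momentum) * m
                      for p, m in zip(static[c], mean(members))]
    return out

def batch_prototypes(feats, W, b, static):
    # Dynamic, batch-level prototypes built from the FC head's hard decisions (assumed form).
    # In training, an STE would carry gradients through this argmax; only the forward pass is shown.
    preds = [fc_predict(f, W, b) for f in feats]
    protos = []
    for c in range(len(W)):
        members = [f for f, p in zip(feats, preds) if p == c]
        protos.append(mean(members) if members else static[c][:])  # assumed fallback
    return protos

def hpm_predict(feats, static, W, b, alpha=0.5):
    # Mix both prototype sets (alpha is an assumption), then pick the nearest prototype in l2.
    dyn = batch_prototypes(feats, W, b, static)
    mixed = [[alpha * s + (1 - alpha) * d for s, d in zip(sp, dp)]
             for sp, dp in zip(static, dyn)]
    return [min(range(len(mixed)), key=lambda c: l2(f, mixed[c])) for f in feats]

# Constructed sample data: 2-D features, two classes, identity FC head.
W, BIAS = [[1.0, 0.0], [0.0, 1.0]], [0.0, 0.0]
FEATS = [[1.0, 0.0], [0.8, 0.2], [0.0, 1.0], [0.2, 0.8]]
LABELS = [0, 0, 1, 1]
STATIC = ema_update([[0.0, 0.0], [0.0, 0.0]], FEATS, LABELS, momentum=0.5)
Q = [0.5, 0.52]
print(hpm_predict([Q], STATIC, W, BIAS))                            # Q alone
print(hpm_predict([Q, [0.52, 0.5], [0.0, 2.0]], STATIC, W, BIAS))   # Q in a batch
```

Because the dynamic prototypes are recomputed per batch, the same input `Q` is classified differently in the two calls of this sketch, depending on its batch companions.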


Source: arXiv Generated at: 2026-06-02 00:00:00 UTC
