This paper investigates the asymptotic properties of ℓ∞-adversarial training estimators under generalized linear models, focusing on sparse recovery when the true parameter vector is zero. We establish theoretically that, under ℓ∞ perturbations, the estimator’s asymptotic distribution assigns positive probability mass at zero—thereby providing the first rigorous proof of its asymptotic sparse recovery property. Building upon this insight, we propose a two-stage adaptive adversarial training framework that employs data-driven weight tuning to simultaneously achieve variable selection consistency and asymptotically unbiased estimation. Simulation studies and empirical analysis demonstrate that the proposed method significantly outperforms standard adversarial training in both variable identification accuracy and parameter estimation precision.

Adversarial training has been proposed to protect machine learning models against adversarial attacks. This paper focuses on adversarial training under $ell_infty$-perturbation, which has recently attracted much research attention. The asymptotic behavior of the adversarial training estimator is investigated in the generalized linear model. The results imply that the asymptotic distribution of the adversarial training estimator under $ell_infty$-perturbation could put a positive probability mass at $0$ when the true parameter is $0$, providing a theoretical guarantee of the associated sparsity-recovery ability. Alternatively, a two-step procedure is proposed -- adaptive adversarial training, which could further improve the performance of adversarial training under $ell_infty$-perturbation. Specifically, the proposed procedure could achieve asymptotic variable-selection consistency and unbiasedness. Numerical experiments are conducted to show the sparsity-recovery ability of adversarial training under $ell_infty$-perturbation and to compare the empirical performance between classic adversarial training and adaptive adversarial training.