Non-Parametric Probabilistic Robustness: A Conservative Risk Estimator under Unknown Perturbation Distributions
Abstract
Deep learning (DL) models, despite their remarkable success, remain vulnerable to small input perturbations that can cause erroneous outputs, motivating probabilistic robustness (PR) as a complementary notion to adversarial robustness (AR) for stochastic reliability assessment. However, existing PR formulations assume a fixed, known perturbation distribution, which is often unavailable or misspecified in practice. To address this limitation, we propose non-parametric probabilistic robustness (NPPR), a more conservative PR estimator over an admissible family of perturbation distributions. We instantiate NPPR with a tractable estimator (GMM-based) that supports four dependency structures (independent, label-, input-, and joint-dependent perturbations). We show that NPPR provably interpolates between AR and PR. Experiments on CIFAR-10/100 and TinyImageNet across multiple architectures show that NPPR yields consistently lower (more conservative) PR estimates than PR computed under common assumed distributions (e.g., Gaussian/Uniform), with up to 40% reduction in representative settings.