AI Summary
Existing adversarial training (AT) methods are typically designed for a limited set of known attacks, resulting in poor robustness against unseen or out-of-distribution adversaries. To address this, we propose a dynamic adversarial sampling framework grounded in the Multi-Armed Bandit (MAB) paradigm, the first work to integrate MAB into AT. Our approach models fine-grained robustness dependencies across multiple attack dimensions and introduces an adaptive reward function that dynamically balances exploration (sampling novel, potentially harmful attacks) and exploitation (selecting high-impact perturbations). By unifying adversarial training, calibrated sampling, and dynamic reward optimization, our method significantly improves holistic robustness against both known and unseen attacks on benchmarks including CIFAR-10 and CIFAR-100, while preserving high clean accuracy. Extensive experiments validate its generalization capability in complex, heterogeneous attack scenarios.
Abstract
Deep Neural Networks (DNNs) are known to be vulnerable to various adversarial perturbations. To address the safety concerns arising from these vulnerabilities, adversarial training (AT) has emerged as one of the most effective paradigms for enhancing the robustness of DNNs. However, existing AT frameworks primarily focus on a single or a limited set of attack types, leaving DNNs still exposed to attack types that may be encountered in practice but not addressed during training. In this paper, we propose an efficient fine-tuning method called Calibrated Adversarial Sampling (CAS) to address these issues. From the optimization perspective within the multi-armed bandit framework, it dynamically designs rewards and balances exploration and exploitation by considering the dynamic and interdependent characteristics of multiple robustness dimensions. Experiments on benchmark datasets show that CAS achieves superior overall robustness while maintaining high clean accuracy, providing a new paradigm for robust generalization of DNNs.
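The summary and abstract describe the scheduling idea at a high level: treat each perturbation type as a bandit arm, reward the arms that currently hurt the model most, and keep exploring the others. The following is an added illustration of that idea and is not the paper's CAS algorithm or its reward design. It uses a plain UCB1 rule with an exponential moving average so the estimate tracks drifting rewards (an assumption standing in for the paper's adaptive reward); the arm names, the reward proxy (a constructed "adversarial error rate" that no real attack computes), and the robustness-transfer constants between dimensions are all constructed for the demonstration.

```python
import math


class AdaptiveUCB:
    """UCB1-style arm selection with an exponential moving average as the
    reward estimate, so the policy keeps up with rewards that drift as the
    model's robustness changes during training (constructed illustration)."""

    def __init__(self, arms, c=1.0, alpha=0.3):
        self.arms = list(arms)
        self.c = c           # weight of the exploration bonus
        self.alpha = alpha   # EMA step; 1.0 would trust only the newest reward
        self.t = 0
        self.counts = {a: 0 for a in self.arms}
        self.means = {a: 0.0 for a in self.arms}

    def select(self):
        """Pick the perturbation type for the next training batch."""
        self.t += 1
        for a in self.arms:              # pull every arm once before scoring
            if self.counts[a] == 0:
                return a

        def score(a):
            bonus = self.c * math.sqrt(2.0 * math.log(self.t) / self.counts[a])
            return self.means[a] + bonus  # exploitation term + exploration term

        return max(self.arms, key=score)

    def update(self, arm, reward):
        if self.counts[arm] == 0:
            self.means[arm] = reward     # initialise from the first observation
        else:
            self.means[arm] += self.alpha * (reward - self.means[arm])
        self.counts[arm] += 1


def run(sampler, reward_fn, steps):
    """Drive the sampler for `steps` rounds; return how often each arm was picked."""
    picked = {a: 0 for a in sampler.arms}
    for _ in range(steps):
        arm = sampler.select()
        sampler.update(arm, reward_fn(arm))
        picked[arm] += 1
    return picked


def drift_demo(steps_per_phase=100):
    """Two arms, two phases. Phase 1: the model is weak to "A"; phase 2: "A" has
    been hardened but "B" became the weak spot. Rewards are constructed error
    rates in [0, 1]. Returns the pick counts of each phase."""
    sampler = AdaptiveUCB(["A", "B"])
    phase1 = run(sampler, lambda a: 0.9 if a == "A" else 0.1, steps_per_phase)
    phase2 = run(sampler, lambda a: 0.1 if a == "A" else 0.9, steps_per_phase)
    return phase1, phase2


# Constructed attack dimensions (labels only) and an assumed starting
# vulnerability per dimension, i.e. the fraction of a batch still misclassified.
ARMS = ["linf", "l2", "l1", "spatial"]
INITIAL_VULN = {"linf": 0.80, "l2": 0.50, "l1": 0.60, "spatial": 0.30}
SELF_GAIN, CROSS_GAIN = 0.15, 0.03   # assumed robustness transfer between dimensions


def training_demo(steps=60):
    """Simulate adversarial fine-tuning where training on one dimension also
    slightly improves the others (the interdependence the paper models).
    The reward is the current error rate of the chosen dimension, so the
    bandit keeps steering batches toward whatever the model is weakest on."""
    vuln = dict(INITIAL_VULN)
    sampler = AdaptiveUCB(ARMS, c=0.5)
    picked = {a: 0 for a in ARMS}
    for _ in range(steps):
        arm = sampler.select()
        reward = vuln[arm]               # high error rate == high-impact batch
        for dim in ARMS:                 # robustness gain on every dimension
            gain = SELF_GAIN if dim == arm else CROSS_GAIN
            vuln[dim] *= 1.0 - gain
        sampler.update(arm, reward)
        picked[arm] += 1
    return picked, vuln


if __name__ == "__main__":
    p1, p2 = drift_demo()
    print("drift phase 1 picks:", p1)
    print("drift phase 2 picks:", p2)
    picks, final_vuln = training_demo()
    print("training picks:", picks)
    print("final vulnerability:", {k: round(v, 3) for k, v in final_vuln.items()})
```

In `drift_demo` the sampler concentrates on "A" while it yields the high reward and switches to "B" within a few rounds of the flip; a plain sample-mean UCB1 would take far longer to move because its estimate for "A" would still be dominated by the first hundred rewards. `training_demo` shows the other half of the picture: because every dimension's error rate falls as training proceeds, the reward landscape is non-stationary by construction, which is why the estimate has to be adaptive rather than a fixed ranking of attack types.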