🤖 AI Summary
In regression tasks, adversaries can launch evasion attacks via data perturbations; however, existing pessimistic bilevel optimization approaches rely on strong assumptions—namely, convexity and uniqueness of the adversary’s strategy—failing to capture realistic nonconvex, multimodal adversarial behaviors.
Method: This paper introduces, for the first time, a pessimistic bilevel optimization framework for adversarial regression that imposes no convexity or uniqueness requirements on the inner-level adversary problem. We integrate game-theoretic modeling with robust regression objectives and propose a dedicated algorithm capable of solving nonconvex inner-level problems.
Contribution/Results: Experiments under simulated adversarial settings demonstrate that our method significantly reduces prediction bias, achieving superior robustness and generalization compared to conventional defense strategies. It establishes a novel paradigm for adversarial robustness modeling in regression tasks.
📝 Abstract
Adversarial machine learning challenges the assumption that the underlying distribution remains consistent throughout the training and implementation of a prediction model. In particular, adversarial evasion considers scenarios where adversaries adapt their data to influence particular outcomes from established prediction models. Such scenarios arise in applications such as spam email filtering, malware detection and fake-image generation, where security methods must be actively updated to keep up with the ever-improving generation of malicious data. Game-theoretic models have been shown to be effective at modelling these scenarios and hence training resilient predictors against such adversaries. Recent advancements in the use of pessimistic bilevel optimisation which remove assumptions about the convexity and uniqueness of the adversary's optimal strategy have proved to be particularly effective at mitigating threats to classifiers due to its ability to capture the antagonistic nature of the adversary. However, this formulation has not yet been adapted to regression scenarios. This article serves to propose a pessimistic bilevel optimisation program for regression scenarios which makes no assumptions on the convexity or uniqueness of the adversary's solutions.