Better Safe Than Sorry: Preventing Delusive Adversaries with Adversarial Training

This implies that adversarial training can serve as a principled defense against delusive attacks. Thus, the test accuracy decreased by delusive attacks can be largely recovered by adversarial training.