Neural networks have been proven to be both highly effective within computer vision and highly vulnerable to adversarial attacks. Consequently, as the use of neural networks increases due to their unrivaled performance, so too does the threat posed by adversarial attacks. In this work, we build towards addressing the challenge of adversarial robustness by exploring the relationship between the mini-batch size used during adversarial sample generation and the strength of the adversarial samples produced. We demonstrate that an increase in mini-batch size results in a decrease in the efficacy of the samples produced, and we draw connections between these observations and the phenomenon of vanishing gradients. Next, we formulate loss functions such that adversarial sample strength is not degraded by mini-batch size. Our findings highlight a potential risk of underestimating the true (practical) strength of adversarial attacks, and a risk of overestimating a model's robustness. We share our code to let others replicate our experiments and to facilitate further exploration of the connections between batch size and adversarial sample strength.
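The following toy example is added here to make the batch-size effect concrete; it is not the paper's code, and the model, loss and data are constructed assumptions. It uses a fixed linear classifier with a per-sample logistic loss and compares the input gradients obtained when the batch loss is averaged (the default `mean` reduction of common framework loss functions) against a `sum` reduction that is equivalent to per-sample losses. Under `mean` reduction each sample's gradient is divided by the batch size N, so a fixed-step gradient-ascent perturbation shrinks with N and a sample that is pushed across the decision boundary at batch size 1 is no longer misclassified at batch size 8; the per-sample formulation removes that dependence. Whether this is the exact mechanism the paper identifies is not stated in the abstract; the example only shows why a robustness evaluation that varies batch size can report different attack strengths.

```python
import math

# Constructed toy classifier: fixed weight vector w, label y in {-1, +1},
# prediction sign(<w, x>), per-sample loss L_i = log(1 + exp(-y_i <w, x_i>)).
W = [0.5, -1.0, 2.0]

# Constructed mini-batch; index 0 is the sample we track across batch sizes.
BATCH_X = [[1.0, 0.0, 0.5], [0.3, -0.7, 1.1], [-1.0, 0.8, -0.3],
           [0.3, -0.7, 1.1], [-1.0, 0.8, -0.3], [0.3, -0.7, 1.1],
           [-1.0, 0.8, -0.3], [0.3, -0.7, 1.1]]
BATCH_Y = [1, 1, -1, 1, -1, 1, -1, 1]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def dot(a, b):
    return sum(ai * bi for ai, bi in zip(a, b))


def per_sample_input_gradient(x, y, w=W):
    """Analytic dL_i/dx_i for the logistic loss: -y * sigmoid(-y<w,x>) * w."""
    scale = -y * sigmoid(-y * dot(w, x))
    return [scale * wj for wj in w]


def batch_input_gradients(xs, ys, reduction):
    """Gradient of the batch loss w.r.t. every input in the batch.

    'mean' divides the batch loss by N, so each sample's gradient is scaled
    by 1/N; 'sum' (equivalently, per-sample losses) leaves it unscaled.
    """
    if reduction not in ("mean", "sum"):
        raise ValueError("reduction must be 'mean' or 'sum'")
    factor = 1.0 / len(xs) if reduction == "mean" else 1.0
    return [[factor * g for g in per_sample_input_gradient(x, y)]
            for x, y in zip(xs, ys)]


def adversarial_examples(xs, ys, alpha, reduction):
    """One un-normalised gradient-ascent step x + alpha * dL/dx per sample."""
    grads = batch_input_gradients(xs, ys, reduction)
    return [[xi + alpha * gi for xi, gi in zip(x, g)] for x, g in zip(xs, grads)]


def sign_step_examples(xs, ys, eps, reduction):
    """FGSM-style step x + eps * sign(dL/dx); a positive 1/N factor does not
    change the sign, so this step is independent of the reduction."""
    grads = batch_input_gradients(xs, ys, reduction)
    sgn = lambda g: (g > 0) - (g < 0)
    return [[xi + eps * sgn(gi) for xi, gi in zip(x, g)] for x, g in zip(xs, grads)]


def perturbation_norms(xs, ys, alpha, reduction):
    """L2 norm of each sample's perturbation for the gradient-ascent step."""
    grads = batch_input_gradients(xs, ys, reduction)
    return [alpha * math.sqrt(dot(g, g)) for g in grads]


def is_misclassified(x, y, w=W):
    return y * dot(w, x) < 0


if __name__ == "__main__":
    x0, y0 = BATCH_X[0], BATCH_Y[0]
    for reduction in ("mean", "sum"):
        alone = adversarial_examples([x0], [y0], 2.0, reduction)[0]
        in_batch = adversarial_examples(BATCH_X, BATCH_Y, 2.0, reduction)[0]
        print(reduction, "batch=1 flipped:", is_misclassified(alone, y0),
              "batch=8 flipped:", is_misclassified(in_batch, y0))
```

With `alpha = 2.0` the tracked sample crosses the boundary at batch size 1 under both reductions, but under `mean` its step is eight times smaller in the batch of 8 and the attack fails, which is exactly the kind of batch-size-dependent underestimate of attack strength the abstract warns about; the sign-based step is unaffected because only gradient magnitude is scaled.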