1: \begin{abstract}

2: Machine learning classifiers with high test accuracy often perform

3: poorly under adversarial attacks.

4: It is commonly believed that 

5: %, i.e. they have high \emph{robust} error.

6: adversarial training %is commonly believed to

7: alleviates this issue.

8: %effectively decrease the robust error. 

9: In this paper, we demonstrate that,

10: surprisingly, the opposite may be true --- Even though adversarial training helps when enough data is  available, it may hurt robust generalization in the small sample size regime. 

11: %We show that adversarial training

12: %with perceptible attacks can hurt robust generalization on 

13: We first prove this phenomenon for a high-dimensional linear

14: classification setting with noiseless observations. Our proof provides explanatory insights that may also transfer to feature learning models. 

15: %Specifically, when SGD on the robust logistic loss is run until convergence, 

16: %Specifically we show that the robust error of the robust max-margin solution monotonically increases with increasing training perturbation

17: %strength set size $\epsilon$, starting from standard training ($\epsilon =

18: %0$). 

19: %In particular, this drop is more pronounced for small sample sizes. 

20: Further, we observe in experiments on standard image datasets that the same behavior occurs %in the small sample size regime 

21: for perceptible attacks

22: that effectively reduce class information such as mask attacks and object corruptions. 

23: %This paper provides an example how common beliefs may need to be revisited

24: \end{abstract}

25: