Minority Reports Defense: Defending Against Adversarial Patches

04/28/2020

∙

Deep learning image classification is vulnerable to adversarial attack, even if the attacker changes just a small patch of the image. We propose a defense against patch attacks based on partially occluding the image around each candidate patch location, so that a few occlusions each completely hide the patch. We demonstrate on CIFAR-10, Fashion MNIST, and MNIST that our defense provides certified security against patch attacks of a certain size.

READ FULL TEXT

Minority Reports Defense: Defending Against Adversarial Patches

PatchZero: Defending against Adversarial Patch Attacks by Detecting and Zeroing the Patch

IPatch: A Remote Adversarial Patch

Confidence Matters: Inspecting Backdoors in Deep Neural Networks via Distribution Transfer

FPGA-Patch: Mitigating Remote Side-Channel Attacks on FPGAs using Dynamic Patch Generation

Patch DCT vs LeNet

Adversarial YOLO: Defense Human Detection Patch Attacks via Detecting Adversarial Patches

ScaleCert: Scalable Certified Defense against Adversarial Patches with Sparse Superficial Layers

Minority Reports Defense: Defending Against Adversarial Patches

Related Research

PatchZero: Defending against Adversarial Patch Attacks by Detecting and Zeroing the Patch

IPatch: A Remote Adversarial Patch

Confidence Matters: Inspecting Backdoors in Deep Neural Networks via Distribution Transfer

FPGA-Patch: Mitigating Remote Side-Channel Attacks on FPGAs using Dynamic Patch Generation

Patch DCT vs LeNet

Adversarial YOLO: Defense Human Detection Patch Attacks via Detecting Adversarial Patches

ScaleCert: Scalable Certified Defense against Adversarial Patches with Sparse Superficial Layers