PatchZero: Defending against Adversarial Patch Attacks by Detecting and Zeroing the Patch

07/05/2022
by Ke Xu, et al.

Adversarial patch attacks mislead neural networks by injecting adversarial pixels within a local region. Patch attacks can be highly effective in a variety of tasks and are physically realizable via attachment (e.g. a sticker) to real-world objects. Despite the diversity in attack patterns, adversarial patches tend to be highly textured and different in appearance from natural images. We exploit this property and present PatchZero, a general defense pipeline against white-box adversarial patches that does not require retraining the downstream classifier or detector. Specifically, our defense detects adversaries at the pixel level and "zeros out" the patch region by repainting it with mean pixel values. We further design a two-stage adversarial training scheme to defend against the stronger adaptive attacks. PatchZero achieves state-of-the-art (SOTA) defense performance on image classification (ImageNet, RESISC45), object detection (PASCAL VOC), and video classification (UCF101) tasks with little degradation in benign performance. In addition, PatchZero transfers to different patch shapes and attack types.
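The detect-then-zero preprocessing described in the abstract, as an added sketch that is not the authors' code. The block-variance detector `texture_mask` is a hypothetical stand-in for PatchZero's learned pixel-level detector, and the ImageNet channel means used for repainting are an assumption; the sample image is constructed.

```python
import numpy as np

# Assumption: ImageNet per-channel means in [0, 1]; the page does not say
# which mean value PatchZero repaints with.
MEAN_PIXEL = np.array([0.485, 0.456, 0.406])

def texture_mask(img, win=4, thresh=0.2):
    """Stand-in detector (hypothetical): flag win x win blocks whose grayscale
    standard deviation exceeds thresh. PatchZero uses a learned pixel-level
    detector; this heuristic only illustrates the 'highly textured' cue.
    Image height and width must be multiples of win."""
    gray = img.mean(axis=2)
    h, w = gray.shape
    block_std = gray.reshape(h // win, win, w // win, win).std(axis=(1, 3))
    flagged = block_std > thresh
    # Expand the per-block decision back to a per-pixel boolean mask.
    return np.repeat(np.repeat(flagged, win, axis=0), win, axis=1)

def zero_out(img, mask, mean_pixel=MEAN_PIXEL):
    """Repaint masked pixels with the mean pixel; leave the rest untouched."""
    out = img.copy()
    out[mask] = mean_pixel
    return out

def make_sample():
    """Constructed input: smooth 32x32 RGB ramp with an 8x8 checkerboard
    standing in for a high-texture patch (not a real adversarial patch)."""
    ramp = np.tile(np.linspace(0.2, 0.8, 32), (32, 1))
    img = np.stack([ramp, ramp, ramp], axis=2)
    yy, xx = np.mgrid[8:16, 16:24]
    img[8:16, 16:24] = ((yy + xx) % 2)[..., None]
    truth = np.zeros((32, 32), dtype=bool)
    truth[8:16, 16:24] = True
    return img, truth

def defend(img):
    """Detect, then zero: the sanitized image is what the unchanged
    downstream classifier or detector would receive."""
    mask = texture_mask(img)
    return zero_out(img, mask), mask

if __name__ == "__main__":
    img, truth = make_sample()
    clean, mask = defend(img)
    print("patch pixels flagged:", int((mask & truth).sum()), "of", int(truth.sum()))
    print("benign pixels altered:", int((mask & ~truth).sum()))
```

Benign pixels pass through unmodified, which is why a defense of this shape can leave clean-input accuracy largely intact; false positives in the mask are what cost benign performance.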
