Segment and Complete: Defending Object Detectors against Adversarial Patch Attacks with Robust Patch Detection

12/08/2021
by   Jiang Liu, et al.
7

Object detection plays a key role in many security-critical systems. Adversarial patch attacks, which are easy to implement in the physical world, pose a serious threat to state-of-the-art object detectors. Developing reliable defenses for object detectors against patch attacks is critical but severely understudied. In this paper, we propose Segment and Complete defense (SAC), a general framework for defending object detectors against patch attacks through detecting and removing adversarial patches. We first train a patch segmenter that outputs patch masks that provide pixel-level localization of adversarial patches. We then propose a self adversarial training algorithm to robustify the patch segmenter. In addition, we design a robust shape completion algorithm, which is guaranteed to remove the entire patch from the images given the outputs of the patch segmenter are within a certain Hamming distance of the ground-truth patch masks. Our experiments on COCO and xView datasets demonstrate that SAC achieves superior robustness even under strong adaptive attacks with no performance drop on clean images, and generalizes well to unseen patch shapes, attack budgets, and unseen attack methods. Furthermore, we present the APRICOT-Mask dataset, which augments the APRICOT dataset with pixel-level annotations of adversarial patches. We show SAC can significantly reduce the targeted attack success rate of physical patch attacks.

READ FULL TEXT

page 16

page 17

page 18

page 19

page 20

page 21

page 22

page 23

research
07/05/2022

PatchZero: Defending against Adversarial Patch Attacks by Detecting and Zeroing the Patch

Adversarial patch attacks mislead neural networks by injecting adversari...
research
03/16/2021

Adversarial YOLO: Defense Human Detection Patch Attacks via Detecting Adversarial Patches

The security of object detection systems has attracted increasing attent...
research
02/05/2021

DetectorGuard: Provably Securing Object Detectors against Localized Patch Hiding Attacks

State-of-the-art object detectors are vulnerable to localized patch hidi...
research
06/09/2021

We Can Always Catch You: Detecting Adversarial Patched Objects WITH or WITHOUT Signature

Recently, the object detection based on deep learning has proven to be v...
research
02/28/2020

Detecting Patch Adversarial Attacks with Image Residuals

We introduce an adversarial sample detection algorithm based on image re...
research
03/18/2023

Detection of Uncertainty in Exceedance of Threshold (DUET): An Adversarial Patch Localizer

Development of defenses against physical world attacks such as adversari...
research
06/15/2023

DIFFender: Diffusion-Based Adversarial Defense against Patch Attacks in the Physical World

Adversarial attacks in the physical world, particularly patch attacks, p...

Please sign up or login with your details

Forgot password? Click here to reset