Certified Defenses for Adversarial Patches

OPEN ACCESS

Downloads

Full text (accepted version) (PDF, 297.86 KB)

Author / Producer

Chiang, Ping-yeh Ni, Renkun Abdelkader, Ahmed

Date

2020-04

Publication Type

Conference Paper

ETH Bibliography

no

Citations

Altmetric
OPEN ACCESS

Downloads

Full text (accepted version) (PDF, 297.86 KB)

Data

Rights / License

In Copyright - Non-Commercial Use Permitted north_east

Abstract

Adversarial patch attacks are among one of the most practical threat models against real-world computer vision systems. This paper studies certified and empirical defenses against patch attacks. We begin with a set of experiments showing that most existing defenses, which work by pre-processing input images to mitigate adversarial patches, are easily broken by simple white-box adversaries. Motivated by this finding, we propose the first certified defense against patch attacks, and propose faster methods for its training. Furthermore, we experiment with different patch shapes for testing, obtaining surprisingly good robustness transfer across shapes, and present preliminary results on certified defense against sparse attacks. Our complete implementation can be found on: https://github.com/Ping-C/certifiedpatchdefense.

Permanent link

https://doi.org/10.3929/ethz-b-000452593

Publication status

published

External links

https://iclr.cc/virtual_2020/poster_HyeaSkrYPH.html north_east

Editor

Book title

Journal / series

Volume

Pages / Article No.

Publisher

International Conference on Learning Representations

Event

8th International Conference on Learning Representations (ICLR 2020) (virtual)

Edition / version

Methods

Software

Geographic location

Date collected

Date created

Subject

Adversarial; Computer vision; Robustness

Organisational unit

09695 - Studer, Christoph / Studer, Christoph check_circle

Notes

Due to the Corona virus (COVID-19) the conference was conducted virtually.

Funding

Related publications and datasets

More

Show all metadata