Certified Defenses for Adversarial Patches

March 14, 2020 · Entered Twilight · 🏛 International Conference on Learning Representations

"Last commit was 5.0 years ago (≥5 year threshold)"

Evidence collected by the PWNC Scanner

Repo contents: LICENSE, README.md, argparser.py, attacks, bound_layers.py, config.py, config, converter.py, datasets.py, defaults.json, eval.py, model_defs.py, train.py, unet.py

Authors Ping-Yeh Chiang, Renkun Ni, Ahmed Abdelkader, Chen Zhu, Christoph Studer, Tom Goldstein arXiv ID 2003.06693 Category cs.CR: Cryptography & Security Cross-listed cs.LG, stat.ML Citations 189 Venue International Conference on Learning Representations Repository https://github.com/Ping-C/certifiedpatchdefense ⭐ 34 Last Checked 2 months ago

Abstract

Adversarial patch attacks are among one of the most practical threat models against real-world computer vision systems. This paper studies certified and empirical defenses against patch attacks. We begin with a set of experiments showing that most existing defenses, which work by pre-processing input images to mitigate adversarial patches, are easily broken by simple white-box adversaries. Motivated by this finding, we propose the first certified defense against patch attacks, and propose faster methods for its training. Furthermore, we experiment with different patch shapes for testing, obtaining surprisingly good robustness transfer across shapes, and present preliminary results on certified defense against sparse attacks. Our complete implementation can be found on: https://github.com/Ping-C/certifiedpatchdefense.