Defending Against Physical Adversarial Patch Attacks on Infrared Human Detection

TL;DR

This paper introduces a simple yet effective defense method called patch-based occlusion-aware detection (POD) against physical adversarial patch attacks on infrared human detection, enhancing robustness and detection accuracy.

Contribution

We propose the first defense strategy, POD, that detects and localizes adversarial patches in infrared human detection with high efficiency and generalization.

Findings

POD robustly detects humans under various adversarial patches.

POD generalizes well to unseen adversarial patch attacks.

POD improves detection accuracy even without attacks.

Abstract

Infrared detection is an emerging technique for safety-critical tasks owing to its remarkable anti-interference capability. However, recent studies have revealed that it is vulnerable to physically-realizable adversarial patches, posing risks in its real-world applications. To address this problem, we are the first to investigate defense strategies against adversarial patch attacks on infrared detection, especially human detection. We propose a straightforward defense strategy, patch-based occlusion-aware detection (POD), which efficiently augments training samples with random patches and subsequently detects them. POD not only robustly detects people but also identifies adversarial patch locations. Surprisingly, while being extremely computationally efficient, POD easily generalizes to state-of-the-art adversarial patch attacks that are unseen during training. Furthermore, POD improves detection precision even in a clean (i.e., no-attack) situation due to the data augmentation effect. Our evaluation demonstrates that POD is robust to adversarial patches of various shapes and sizes. The effectiveness of our baseline approach is shown to be a viable defense mechanism for real-world infrared human detection systems, paving the way for exploring future research directions.