TL;DR
PatchDEMUX introduces a certifiably robust framework for multi-label classifiers against adversarial patches, extending single-label defenses to multi-label scenarios with provable guarantees and improved robustness bounds.
Contribution
It presents a generalizable method that adapts existing certifiable defenses for multi-label classification by treating it as multiple binary problems, with an additional certification for single-patch attacks.
Findings
Achieves non-trivial robustness on MS-COCO and PASCAL VOC datasets.
Maintains high accuracy on clean data.
Extends certifiable defenses from single-label to multi-label classification.
Abstract
Deep learning techniques have enabled vast improvements in computer vision technologies. Nevertheless, these models are vulnerable to adversarial patch attacks which catastrophically impair performance. The physically realizable nature of these attacks calls for certifiable defenses, which feature provable guarantees on robustness. While certifiable defenses have been successfully applied to single-label classification, limited work has been done for multi-label classification. In this work, we present PatchDEMUX, a certifiably robust framework for multi-label classifiers against adversarial patches. Our approach is a generalizable method which can extend any existing certifiable defense for single-label classification; this is done by considering the multi-label classification task as a series of isolated binary classification problems to provably guarantee robustness. Furthermore, in…
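As an added illustration (not code from the paper or the PatchDEMUX project), the sketch below shows how per-class binary certificates can be aggregated into worst-case precision and recall, assuming each class reports a prediction plus a `certified` flag from some single-label certifiable defense. The names `ClassResult`, `worst_case_counts` and `certified_precision_recall` and the sample data are constructed for this example; the bound treats every class independently and does not model the tighter single-patch certification.

```python
from dataclasses import dataclass

@dataclass
class ClassResult:
    label: int       # ground truth: 1 if the class is present in the image
    pred: int        # output of the isolated binary classifier for this class
    certified: bool  # assumption: True if the single-label defense proves
                     # that no patch in the threat model can change `pred`

def worst_case_counts(results):
    """Return (TP lower bound, FP upper bound, FN upper bound) for one image.

    Any class without a certificate is assumed to be flipped to the worst
    outcome, so only certified-correct predictions count as safe.
    """
    tp_lb = sum(r.label == 1 and r.pred == 1 and r.certified for r in results)
    tn_lb = sum(r.label == 0 and r.pred == 0 and r.certified for r in results)
    positives = sum(r.label for r in results)
    negatives = len(results) - positives
    return tp_lb, negatives - tn_lb, positives - tp_lb

def certified_precision_recall(images):
    """Aggregate the per-image bounds into dataset-level lower bounds."""
    tp = fp = fn = 0
    for results in images:
        t, p, n = worst_case_counts(results)
        tp, fp, fn = tp + t, fp + p, fn + n
    # Convention for this example: report 0.0 when a denominator is zero.
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return precision, recall

# Constructed sample: two images, four classes each.
SAMPLE = [
    [ClassResult(1, 1, True), ClassResult(1, 1, False),
     ClassResult(0, 0, True), ClassResult(0, 0, False)],
    [ClassResult(1, 0, True), ClassResult(0, 1, True),
     ClassResult(1, 1, True), ClassResult(0, 0, True)],
]

if __name__ == "__main__":
    print(certified_precision_recall(SAMPLE))
```

Precision rises with true positives and falls with false positives, so combining the true-positive lower bound with the false-positive upper bound gives a valid lower bound; the same argument applies to recall.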
