The Unseen Adversaries: Robust and Generalized Defense Against Adversarial Patches

TL;DR

This paper introduces a new dataset and benchmark for defending against combined adversarial patches and natural noise in deep neural networks, highlighting the challenges in robust classification.

Contribution

It is the first to combine adversarial patches and natural noises into a dataset and benchmark, analyzing classifier effectiveness against these singularities.

Findings

Classifiers struggle to defend against combined adversarial and natural noises.

Traditional machine learning classifiers can be effective for detection.

Defending against singularities independently is more difficult than expected.

Abstract

The vulnerabilities of deep neural networks against singularities have raised serious concerns regarding their deployment in the physical world. One of the most prominent and impactful physical-world adversarial perturbations is the attachment of patches to clean images, known as an adversarial patch attack. Similarly, natural noises such as Gaussian and Salt\&Pepper are highly prevalent in the real world. The current research need arises from the above vulnerabilities and the lack of efforts to tackle these two singularities independently and, especially, in combination. In this research, we have, for the first time, combined these two prominent singularities and proposed a novel dataset. Using this dataset, we have conducted a benchmark study of singularity data-point detection using features from several convolutional neural networks. For classification, rather than the popular neural network-based parameter tuning, we have used traditional yet effective machine learning classifiers. The extensive experiments across various in- and out-of-distribution (OOD) singularities reveal several interesting findings about the effectiveness of classifiers and show that it is hard to defend against adversaries when they are treated independently, and inefficient classifiers are selected.