Detection as Regression: Certified Object Detection by Median Smoothing
This addresses the problem of adversarial robustness for object detection systems, offering a novel solution that is incremental in extending certified defenses from classification to detection.
The paper tackles the vulnerability of object detectors to adversarial attacks by proposing a certified defense method using median smoothing, achieving the first model-agnostic and training-free approach with certified robustness against l2-bounded attacks.
Despite the vulnerability of object detectors to adversarial attacks, very few defenses are known to date. While adversarial training can improve the empirical robustness of image classifiers, a direct extension to object detection is very expensive. This work is motivated by recent progress on certified classification by randomized smoothing. We start by presenting a reduction from object detection to a regression problem. Then, to enable certified regression, where standard mean smoothing fails, we propose median smoothing, which is of independent interest. We obtain the first model-agnostic, training-free, and certified defense for object detection against $\ell_2$-bounded attacks. The code for all experiments in the paper is available at http://github.com/Ping-C/CertifiedObjectDetection .