CR, CV | Jan 26, 2021

Defenses Against Multi-Sticker Physical Domain Attacks on Classifiers

arXiv:2101.11060v1 | 4 citations
Originality: Incremental advance
AI Analysis

The paper addresses a security threat to visual classifiers, but the advance is incremental because it builds on prior work on physical attacks.

The paper tackles the problem of defending visual classifiers against multi-sticker physical domain adversarial attacks, showing that their proposed defenses outperform existing methods in this scenario.

Recently, physical domain adversarial attacks have drawn significant attention from the machine learning community. One important attack proposed by Eykholt et al. can fool a classifier by placing black and white stickers on an object such as a road sign. While this attack may pose a significant threat to visual classifiers, there are currently no defenses designed to protect against this attack. In this paper, we propose new defenses that can protect against multi-sticker attacks. We present defensive strategies capable of operating when the defender has full, partial, and no prior information about the attack. By conducting extensive experiments, we show that our proposed defenses can outperform existing defenses against physical attacks when presented with a multi-sticker attack.
