Certified Patch Robustness via Smoothed Vision Transformers
This work addresses the challenge of ensuring robust image classification against adversarial patches for security-critical applications, representing an incremental improvement over existing methods.
The paper tackles the problem of certified patch robustness for image classifiers, which previously suffered from degraded accuracy and slow inference, and demonstrates that using vision transformers significantly improves certified robustness while maintaining computational efficiency and standard accuracy.
Certified patch defenses can guarantee robustness of an image classifier to arbitrary changes within a bounded contiguous region. But, currently, this robustness comes at a cost of degraded standard accuracies and slower inference times. We demonstrate how using vision transformers enables significantly better certified patch robustness that is also more computationally efficient and does not incur a substantial drop in standard accuracy. These improvements stem from the inherent ability of the vision transformer to gracefully handle largely masked images. Our code is available at https://github.com/MadryLab/smoothed-vit.