ImageNet-Patch: A Dataset for Benchmarking Machine Learning Robustness against Adversarial Patches
This provides a benchmark for evaluating machine learning robustness against adversarial patches, but it is incremental as it builds on existing adversarial patch methods.
The authors tackled the problem of computationally demanding adversarial patch optimization by introducing ImageNet-Patch, a dataset of pre-optimized patches that enables faster robustness evaluation, and demonstrated its effectiveness by testing against 127 models.
Adversarial patches are optimized contiguous pixel blocks in an input image that cause a machine-learning model to misclassify it. However, their optimization is computationally demanding, and requires careful hyperparameter tuning, potentially leading to suboptimal robustness evaluations. To overcome these issues, we propose ImageNet-Patch, a dataset to benchmark machine-learning models against adversarial patches. It consists of a set of patches, optimized to generalize across different models, and readily applicable to ImageNet data after preprocessing them with affine transformations. This process enables an approximate yet faster robustness evaluation, leveraging the transferability of adversarial perturbations. We showcase the usefulness of this dataset by testing the effectiveness of the computed patches against 127 models. We conclude by discussing how our dataset could be used as a benchmark for robustness, and how our methodology can be generalized to other domains. We open source our dataset and evaluation code at https://github.com/pralab/ImageNet-Patch.