Real-Time Robust Video Object Detection System Against Physical-World Adversarial Attacks
This work addresses security vulnerabilities in real-time vision tasks like autonomous driving and surveillance, offering a practical defense against adversarial attacks.
The paper tackles the problem of adversarial patch attacks on video object detection systems by proposing Themis, a software/hardware system that detects and eliminates adversarial effects, recovering system performance with negligible hardware overhead.
DNN-based video object detection (VOD) powers autonomous driving and video surveillance industries with rising importance and promising opportunities. However, adversarial patch attack yields huge concern in live vision tasks because of its practicality, feasibility, and powerful attack effectiveness. This work proposes Themis, a software/hardware system to defend against adversarial patches for real-time robust video object detection. We observe that adversarial patches exhibit extremely localized superficial feature importance in a small region with non-robust predictions, and thus propose the adversarial region detection algorithm for adversarial effect elimination. Themis also proposes a systematic design to efficiently support the algorithm by eliminating redundant computations and memory traffics. Experimental results show that the proposed methodology can effectively recover the system from the adversarial attack with negligible hardware overhead.