Fight Fire with Fire: Combating Adversarial Patch Attacks using Pattern-randomized Defensive Patches
This addresses security vulnerabilities in object detection systems, offering a practical defense against adversarial attacks, though it is incremental as it builds on counterattack strategies.
The paper tackles adversarial patch attacks on object detection by introducing pattern-randomized defensive patches (canary and woodpecker) that detect attacks without modifying the model, achieving high performance with limited time overhead and robustness against adaptive attacks.
Object detection has found extensive applications in various tasks, but it is also susceptible to adversarial patch attacks. The ideal defense should be effective, efficient, easy to deploy, and capable of withstanding adaptive attacks. In this paper, we adopt a counterattack strategy to propose a novel and general methodology for defending adversarial attacks. Two types of defensive patches, canary and woodpecker, are specially-crafted and injected into the model input to proactively probe or counteract potential adversarial patches. In this manner, adversarial patch attacks can be effectively detected by simply analyzing the model output, without the need to alter the target model. Moreover, we employ randomized canary and woodpecker injection patterns to defend against defense-aware attacks. The effectiveness and practicality of the proposed method are demonstrated through comprehensive experiments. The results illustrate that canary and woodpecker achieve high performance, even when confronted with unknown attack methods, while incurring limited time overhead. Furthermore, our method also exhibits sufficient robustness against defense-aware attacks, as evidenced by adaptive attack experiments.