Attention-Based Real-Time Defenses for Physical Adversarial Attacks in Vision Applications
This work addresses security concerns for safety-critical domains by providing a real-time defense against physical adversarial attacks, though it is incremental as it builds on existing over-activation techniques.
The paper tackles the vulnerability of deep neural networks to real-world adversarial attacks in vision applications by proposing an attention-based defense mechanism that identifies and tracks malicious objects in multi-frame settings, achieving efficient real-time performance with reduced computational costs.
Deep neural networks exhibit excellent performance in computer vision tasks, but their vulnerability to real-world adversarial attacks, achieved through physical objects that can corrupt their predictions, raises serious security concerns for their application in safety-critical domains. Existing defense methods focus on single-frame analysis and are characterized by high computational costs that limit their applicability in multi-frame scenarios, where real-time decisions are crucial. To address this problem, this paper proposes an efficient attention-based defense mechanism that exploits adversarial channel-attention to quickly identify and track malicious objects in shallow network layers and mask their adversarial effects in a multi-frame setting. This work advances the state of the art by enhancing existing over-activation techniques for real-world adversarial attacks to make them usable in real-time applications. It also introduces an efficient multi-frame defense framework, validating its efficacy through extensive experiments aimed at evaluating both defense performance and computational cost.