CV, AI | Oct 5, 2025

Concept-Based Masking: A Patch-Agnostic Defense Against Adversarial Patch Attacks

arXiv:2510.04245v1 | h-index: 6
Originality: Incremental advance
AI Analysis

This addresses a practical threat for machine learning security by offering a more flexible defense against adversarial patches, though it is incremental as it builds on existing interpretability and robustness methods.

The paper tackles adversarial patch attacks on deep learning models by proposing a patch-agnostic defense that uses concept-based explanations to neutralize patches without prior knowledge of their size or location, achieving higher robust and clean accuracy than the state-of-the-art PatchCleanser on Imagenette with ResNet-50.

Adversarial patch attacks pose a practical threat to deep learning models by forcing targeted misclassifications through localized perturbations, often realized in the physical world. Existing defenses typically assume prior knowledge of patch size or location, limiting their applicability. In this work, we propose a patch-agnostic defense that leverages concept-based explanations to identify and suppress the most influential concept activation vectors, thereby neutralizing patch effects without explicit detection. Evaluated on Imagenette with a ResNet-50, our method achieves higher robust and clean accuracy than the state-of-the-art PatchCleanser, while maintaining strong performance across varying patch sizes and locations. Our results highlight the promise of combining interpretability with robustness and suggest concept-driven defenses as a scalable strategy for securing machine learning models against adversarial patch attacks.
