RAPID: Robust multi-pAtch masker using channel-wise Pooled varIance with two-stage patch Detection

IF 5.2 2区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of King Saud University-Computer and Information Sciences Pub Date : 2024-09-11 DOI:10.1016/j.jksuci.2024.102188

Heemin Kim , Byeong-Chan Kim , Sumi Lee , Minjung Kang , Hyunjee Nam , Sunghwan Park , Il-Youp Kwak , Jaewoo Lee

{"title":"RAPID: Robust multi-pAtch masker using channel-wise Pooled varIance with two-stage patch Detection","authors":"Heemin Kim , Byeong-Chan Kim , Sumi Lee , Minjung Kang , Hyunjee Nam , Sunghwan Park , Il-Youp Kwak , Jaewoo Lee","doi":"10.1016/j.jksuci.2024.102188","DOIUrl":null,"url":null,"abstract":"<div>Recently, adversarial patches have become frequently used in adversarial attacks in real-world settings, evolving into various shapes and numbers. However, existing defense methods often exhibit limitations in addressing specific attacks, datasets, or conditions. This underscores the demand for versatile and robust defenses capable of operating across diverse scenarios. In this paper, we propose the RAPID (Robust multi-pAtch masker using channel-wise Pooled varIance with two-stage patch Detection) framework, a stable solution to restore detection efficacy in the presence of multiple patches. The RAPID framework excels in defending against attacks regardless of patch number or shape, offering a versatile defense adaptable to diverse adversarial scenarios. RAPID employs a two-stage strategy to identify and mask coordinates associated with patch attacks. In the first stage, we propose the ‘channel-wise pooled variance’ to detect candidate patch regions. In the second step, upon detecting these regions, we identify dense areas as patches and mask them accordingly. This framework easily integrates into the preprocessing stage of any object detection model due to its independent structure, requiring no modifications to the model itself. Evaluation indicates that RAPID enhances robustness by up to 60% compared to other defenses. RAPID achieves mAP50 and mAP@50-95 values of 0.696 and 0.479, respectively.</div>","PeriodicalId":48547,"journal":{"name":"Journal of King Saud University-Computer and Information Sciences","volume":null,"pages":null},"PeriodicalIF":5.2000,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S1319157824002775/pdfft?md5=097312e661d7cf2bd4bcbc118fd164bd&pid=1-s2.0-S1319157824002775-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of King Saud University-Computer and Information Sciences","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1319157824002775","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Recently, adversarial patches have become frequently used in adversarial attacks in real-world settings, evolving into various shapes and numbers. However, existing defense methods often exhibit limitations in addressing specific attacks, datasets, or conditions. This underscores the demand for versatile and robust defenses capable of operating across diverse scenarios. In this paper, we propose the RAPID (Robust multi-pAtch masker using channel-wise Pooled varIance with two-stage patch Detection) framework, a stable solution to restore detection efficacy in the presence of multiple patches. The RAPID framework excels in defending against attacks regardless of patch number or shape, offering a versatile defense adaptable to diverse adversarial scenarios. RAPID employs a two-stage strategy to identify and mask coordinates associated with patch attacks. In the first stage, we propose the ‘channel-wise pooled variance’ to detect candidate patch regions. In the second step, upon detecting these regions, we identify dense areas as patches and mask them accordingly. This framework easily integrates into the preprocessing stage of any object detection model due to its independent structure, requiring no modifications to the model itself. Evaluation indicates that RAPID enhances robustness by up to 60% compared to other defenses. RAPID achieves mAP50 and mAP@50-95 values of 0.696 and 0.479, respectively.

查看原文本刊更多论文

RAPID：利用信道汇集变异和两级补丁检测的鲁棒多咀屏蔽器

最近，对抗性补丁在现实世界的对抗性攻击中被频繁使用，并演变成各种形状和数量。然而，现有的防御方法在应对特定攻击、数据集或条件时往往表现出局限性。这凸显了对能够在不同场景下运行的多功能、强大的防御系统的需求。在本文中，我们提出了 RAPID（Robust multi-pAtch masker using channel-wise Pooled varIance with two-stage patch Detection）框架，这是一种在存在多个补丁的情况下恢复检测功效的稳定解决方案。RAPID 框架在抵御攻击方面表现出色，无论补丁数量或形状如何，都能提供适应不同对抗场景的多功能防御。RAPID 采用两阶段策略来识别和屏蔽与补丁攻击相关的坐标。在第一阶段，我们提出了 "信道汇集方差 "来检测候选补丁区域。第二步，在检测到这些区域后，我们将密集区域识别为补丁，并对其进行相应的屏蔽。由于该框架结构独立，无需修改模型本身，因此可轻松集成到任何物体检测模型的预处理阶段。评估结果表明，与其他防御方法相比，RAPID 增强了高达 60% 的鲁棒性。RAPID 的 mAP50 和 mAP@50-95 值分别为 0.696 和 0.479。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of King Saud University-Computer and Information Sciences COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

10.50

自引率

8.70%

发文量

656

审稿时长

29 days

期刊介绍： In 2022 the Journal of King Saud University - Computer and Information Sciences will become an author paid open access journal. Authors who submit their manuscript after October 31st 2021 will be asked to pay an Article Processing Charge (APC) after acceptance of their paper to make their work immediately, permanently, and freely accessible to all. The Journal of King Saud University Computer and Information Sciences is a refereed, international journal that covers all aspects of both foundations of computer and its practical applications.