Performance Measurement and Analysis of Certifiable Defenses against Adversarial Patch Attacks
Abstract
We consider deep learning-based perception in real-time, safety-critical cyber-physical systems (CPS), such as autonomous driving and robotics, where embedded computing platforms typically operate under limited hardware resources due to SWaP-C (Size, Weight, Power, and Cost) constraints. In computer vision-based deep learning perception, adversarial patch attacks have emerged as a powerful method for deceiving classifiers. These attacks involve placing a carefully crafted patch on the input image, constituting a physically realizable and practical threat. Defense techniques against such attacks remain an active area of research. In this study, we evaluate and compare six well-known certifiable adversarial patch defenses, encompassing 14 models, across three different hardware platforms. We analyze their performance in terms of accuracy and processing time, highlighting key trade-offs. This paper aims to serve as a reference for selecting adversarial patch defense algorithms in real-time, safety-critical applications.