Performance Measurement and Analysis of Certifiable Defenses against Adversarial Patch Attacks
Abstract
We consider deep learning-based perception in real-time, safety-critical cyber-physical systems (CPS), such as autonomous driving and robotics, where embedded computing platforms typically operate under limited hardware resources due to SWaP-C (Size, Weight, Power, and Cost) constraints. In computer vision-based deep learning perception, adversarial patch attacks have emerged as a powerful method for deceiving classifiers. These attacks involve placing a carefully crafted patch on the input image, constituting a physically realizable and practical threat. Defense techniques against such attacks remain an active area of research. In this study, we evaluate and compare six well-known certifiable adversarial patch defenses, encompassing 14 models, across three different hardware platforms. We analyze their performance in terms of accuracy and processing time, highlighting key trade-offs. This paper aims to serve as a reference for selecting adversarial patch defense algorithms in real-time, safety-critical applications.