CVPR Poster A Unified, Resilient, and Explainable Adversarial Patch Detector

Poster

A Unified, Resilient, and Explainable Adversarial Patch Detector

Vishesh Kumar · Akshay Agarwal

[ Abstract ]

Abstract:

Deep Neural Networks (DNNs), backbone architecture in $a l m o s t' e v e r y c o m p u t e r v i s i o n t a s k, a r e v \underset{̲}{\neq} r a b \leq \to a d v e r s a r i a l a a c k s, p a r t i c \underset{̲}{a} r l y p h y s i c a l o u t - o f - d i s t r i b u t i o n (O O D) a d v e r s a r i a l p a t c h e s . E ξ s t \in g ⊨ o f t e n s t r u g g \leq w i t h \int e r p r e t \in g t h e s e a a c k s \in w a y s t \hat{a} l i g n w i t h h u m a n v i s u a l p e r c e p t i o n . O u r \propto o s e d A d v P a t c h X A I \int r o d u c e s a \geq \neq r a l i z e d, r o b u s t, and \exp l a \in a b \leq d e f e n s e a l g or i t h m s p e c if i c a l l y d e s i g \neq d \to d e f e n d D ℕ s a g a \in s t p h y s i c a l a d v e r s a r i a l t h r e a t s . A d v P a t c h X A I e m p l o y s a n o v e l p a t c h d e c or r e l a t i o n l o s s t \hat{r} e d u c e s f e a t u r e r e d u n d a n c y and e n h a n c e s t h e d i s t \in c t i v e \neq s s o f p a t c h r e p r e s e n t a t i o n s, e n a b l \in g b e e r \geq \neq r a l i z a t i o n a c r o s s u n s e e n a d v e r s a r i a l s c e n a r i o s . I t \leq a r n s p r o \to t y π c a l p a r t s \in a s e l f - \supseteq r v i s e d f a s h i o n, e n h a n c \in g \int e r p r η b i l i t y and c or r e l a t i o n w i t h h u m a n v i s i o n . T h e mod e l u t i l i z e s a s p a r s e l \in e a r l a y e r f or c l a s s if i c a t i o n, m a k \in g t h e d e c i s i o n - m a k \in g p r o c e s s g l o b a l l y \int e r p r η b \leq t h r o u g h a s e t o f \leq a r \neq d p r o \to t y p e s and l o c a l l y \exp l a \in a b \leq b y π n p \oint \in g r e \leq v a n t p r o \to t y p e s w i t h \in a n i m a \geq . O u r c o m p r e h e n s i v e e v a l u a t i o n s h o w s t \hat{A} d v P a t c h X A I \neg o n l y c l o s e s t h e$ $almost' every computer vision task, are vulnerable to adversarial attacks, particularly physical out-of-distribution (OOD) adversarial patches. Existing models often struggle with interpreting these attacks in ways that align with human visual perception. Our proposed AdvPatchXAI introduces a generalized, robust, and explainable defense algorithm specifically designed to defend DNNs against physical adversarial threats. AdvPatchXAI employs a novel patch decorrelation loss that reduces feature redundancy and enhances the distinctiveness of patch representations, enabling better generalization across unseen adversarial scenarios. It learns prototypical parts in a self-supervised fashion, enhancing interpretability and correlation with human vision. The model utilizes a sparse linear layer for classification, making the decision-making process globally interpretable through a set of learned prototypes and locally explainable by pinpointing relevant prototypes within an image. Our comprehensive evaluation shows that AdvPatchXAI not only closes the$ `semantic'' gap between latent space and pixel space but also effectively handles unseen adversarial patches even perturbed with unseen corruptions, thereby significantly advancing DNN robustness in practical settings.

Live content is unavailable. Log in and register to view live content