all InfoSec news
Certifiable (Multi)Robustness Against Patch Attacks Using ERM. (arXiv:2303.08944v1 [cs.LG])
cs.CR updates on arXiv.org arxiv.org
Consider patch attacks, where at test-time an adversary manipulates a test
image with a patch in order to induce a targeted misclassification. We consider
a recent defense to patch attacks, Patch-Cleanser (Xiang et al. [2022]). The
Patch-Cleanser algorithm requires a prediction model to have a ``two-mask
correctness'' property, meaning that the prediction model should correctly
classify any image when any two blank masks replace portions of the image.
Xiang et al. learn a prediction model to be robust to two-mask …
adversary algorithm attacks correctness defense masks order patch prediction robustness test