Jedi: Entropy-based Localization and Removal of Adversarial Patches. (arXiv:2304.10029v1 [cs.CR])

Real-world adversarial physical patches were shown to be successful in
compromising state-of-the-art models in a variety of computer vision
applications. Existing defenses that are based on either input gradient or
features analysis have been compromised by recent GAN-based attacks that
generate naturalistic patches. In this paper, we propose Jedi, a new defense
against adversarial patches that is resilient to realistic patch attacks. Jedi
tackles the patch localization problem from an information theory perspective;
leverages two new ideas: (1) it improves …

adversarial analysis applications art attacks compromised computer computer vision defense entropy features gan ideas identification information input localization patch patches perspective physical problem state theory world