University of Cagliari
partially_open
ImageNet-Patch: A Dataset for Benchmarking Machine Learning Robustness against Adversarial Patches
Maura PintorFirst
;Daniele Angioni;Angelo Sotgiu;Luca Demetrio;Ambra Demontis
;Battista Biggio;Fabio RoliLast
2023-01-01
Abstract
Adversarial patches are optimized contiguous pixel blocks in an input image that cause a machine-learning model to misclassify it. However, their optimization is computationally demanding, and requires careful hyperparameter tuning, potentially leading to suboptimal robustness evaluations. To overcome these issues, we propose ImageNet-Patch, a dataset to benchmark machine-learning models against adversarial patches. The dataset is built by first optimizing a set of adversarial patches against an ensemble of models, using a state-of-the-art attack that creates transferable patches. The corresponding patches are then randomly rotated and translated, and finally applied to the ImageNet data. We use ImageNet-Patch to benchmark the robustness of 127 models against patch attacks, and also validate the effectiveness of the given patches in the physical domain (i.e., by printing and applying them to real-world objects). We conclude by discussing how our dataset could be used as a benchmark for robustness, and how our methodology can be generalized to other domains. We open source our dataset and evaluation code at https://github.com/pralab/ImageNet-Patch.
Files in This Item:
| File | Size | Format | |
|---|---|---|---|
| 1-s2.0-S0031320322005441-main.pdf Solo gestori archivio
Description: Versione editoriale
Type: versione editoriale
Size 3.59 MB
Format Adobe PDF
|
3.59 MB | Adobe PDF | & nbsp; View / Open Request a copy |
| imagenet_patch_arxiv.pdf open access
Type: versione pre-print
Size 3.18 MB
Format Adobe PDF
|
3.18 MB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.