August 6, 2024
Conference Paper
Title
Near Real-time Detection and Rectification of Adversarial Patches
Abstract
Neural networks tend to produce false predictions when exposed to adversarial examples. These incorrect predictions raise concerns about the safety and reliability of ML-based decision-making, presenting significant risks in real-world scenarios, particularly in the context of Autonomous Vehicles (AVs). Therefore, we propose a two-step method to address this issue. Firstly, we introduce a method to identify adversarial regions in the input samples, such as adversarial patches or stickers. Secondly, we leverage deep neural networks to correct the detected patches. This approach allows us to obtain accurate predictions from the neural networks after restoring the adversarial regions. Our evaluation results demonstrate that the proposed method is considerably faster than the average human response time, which includes traffic sign recognition and decision-making processes related to applying brakes or not. Additionally, we compare the impact of different restoration methods on the prediction results. Overall, the integration of the detection and correction methods within our proposed framework effectively mitigates the effect of adversarial examples in real-world scenarios.
Author(s)
Rights
Under Copyright
Language
English