Adversarial Patch Detection and Mitigation by Detecting High Entropy Regions

Neural networks have achieved remarkable performance in many applications, such as image classification and object detection, but security and robustness concerns have also been raised. Even the most advanced object detectors are vulnerable to localised patch attacks, where an adversary introduces a small adversarial patch into an image to either cause the detectors to miss real objects or to cause the detectors to detect objects that do not exist. Adversarial patches are able to force state-of-the-art object detectors to make false predictions with a high degree of confidence. These attacks can be carried out in the physical world, and defending against them is an open problem. In this paper, we propose a novel detection approach for real-world adversarial patches based on edge detection. The approach takes advantage of the fact that patches are high entropy regions featuring many edges and details. We evaluated our approach on a subset of the APRICOT and MS COCO datasets. In total, we achieve over 88% IoU on samples featuring adversarial patches.