Adversarial Patch Robustness against Occlusion: A case study

Neural networks have demonstrated remarkable success in tasks like image classification and object detection. However, concerns persist regarding their security and robustness. Even state-of-the-art object detectors are vulnerable to localized patch attacks, which could potentially result in safety-critical failures. In such attacks, adversaries introduce a small, subtle adversarial patch within an image, leading detectors to either overlook real objects or identify nonexistent ones. These patches often cause even the most advanced detectors to make highly confident yet erroneous predictions. The potential real-world consequences of these attacks amplify the seriousness of these concerns. This paper presents a study on the robustness of patch attacks against occlusions. We evaluated patch attacks using the APRICOT dataset and a set of COCO images with the robust DPatch, testing its performance against occlusions of various sizes and colors in both clipped and unclipped conditions. Moreover, our study demonstrates that digitally applied occlusions can act as a defense mechanism by neutralizing adversarial patches once they have been localized. Additionally, simple occlusion is shown to be a computationally more efficient mitigation strategy compared to inpainting. It also effectively reduces hallucinations and false detections or classifications that frequently occur with diffusion-based inpainting methods.