Abstract
Recently, the object detection based on deep learning has proven to bevulnerable to adversarial patch attacks. The attackers holding a speciallycrafted patch can hide themselves from the state-of-the-art person detectors,e.g., YOLO, even in the physical world. This kind of attack can bring serioussecurity threats, such as escaping from surveillance cameras. In this paper, wedeeply explore the detection problems about the adversarial patch attacks tothe object detection. First, we identify a leverageable signature of existingadversarial patches from the point of the visualization explanation. A fastsignature-based defense method is proposed and demonstrated to be effective.Second, we design an improved patch generation algorithm to reveal the riskthat the signature-based way may be bypassed by the techniques emerging in thefuture. The newly generated adversarial patches can successfully evade theproposed signature-based defense. Finally, we present a novelsignature-independent detection method based on the internal content semanticsconsistency rather than any attack-specific prior knowledge. The fundamentalintuition is that the adversarial object can appear locally but disappearglobally in an input image. The experiments demonstrate that thesignature-independent method can effectively detect the existing and improvedattacks. It has also proven to be a general method by detecting unforeseen andeven other types of attacks without any attack-specific prior knowledge. Thetwo proposed detection methods can be adopted in different scenarios, and webelieve that combining them can offer a comprehensive protection.