ImageNet-Patch: A dataset for benchmarking machine learning robustness against adversarial patches
Published in Pattern Recognition, 2023
Recommended citation: Maura Pintor, Daniele Angioni, Angelo Sotgiu, Luca Demetrio, Ambra Demontis, Battista Biggio, Fabio Roli, "ImageNet-Patch: A dataset for benchmarking machine learning robustness against adversarial patches." Pattern Recognition, 2023. https://arxiv.org/abs/2203.04412
Abstract:
Adversarial patches are optimized contiguous pixel blocks in an input image that cause a machine-learning model to misclassify it. However, their optimization is computationally demanding, and requires careful hyperparameter tuning, potentially leading to suboptimal robustness evaluations. To overcome these issues, we propose ImageNet-Patch, a dataset to benchmark machine- learning models against adversarial patches. It consists of a set of patches, optimized to generalize across different models, and readily applicable to ImageNet data after preprocessing them with affine transformations. This process enables an approximate yet faster robustness evaluation, leveraging the transferability of adversarial perturbations. We showcase the usefulness of this dataset by testing the effectiveness of the computed patches against 127 models. We conclude by discussing how our dataset could be used as a benchmark for robustness, and how our methodology can be generalized to other domains. We open source our dataset and evaluation code at https://github.com/pralab/ImageNet-Patch.
BibTeX:
@article{pintor2023imagenet,
author = {Pintor, Maura and Angioni, Daniele and Sotgiu, Angelo and Demetrio, Luca and Demontis, Ambra and Biggio, Battista and Roli, Fabio},
title = {ImageNet-Patch: A dataset for benchmarking machine learning robustness against adversarial patches},
journal = {Pattern Recognition},
volume = {134},
pages = {109064},
year = {2023},
publisher = {Elsevier},
url = {https://arxiv.org/abs/2203.04412}
}