17949980. System and Method with Masking for Certified Defense Against Adversarial Patch Attacks simplified abstract (Robert Bosch GmbH)
System and Method with Masking for Certified Defense Against Adversarial Patch Attacks
Organization Name
Inventor(s)
Shuhua Yu of Pittsburgh PA (US)
Aniruddha Saha of Elkridge MD (US)
Chaithanya Kumar Mummadi of Pittsburgh PA (US)
System and Method with Masking for Certified Defense Against Adversarial Patch Attacks - A simplified explanation of the abstract
This abstract first appeared for US patent application 17949980 titled 'System and Method with Masking for Certified Defense Against Adversarial Patch Attacks
Simplified Explanation
The patent application describes a system and method for defending against adversarial patch attacks using a combination of one-mask and two-mask images and predictions. Here is a simplified explanation of the patent application:
- A set of one-mask images is generated by applying a first mask to predetermined regions of a source image obtained from a sensor.
- One-mask predictions are generated based on the set of one-mask images using a machine learning system.
- A first one-mask image is extracted and associated with a prediction identified as a minority among the set of one-mask predictions.
- A set of two-mask images is generated by masking the first one-mask image with a set of second masks, including at least a first submask and a second submask with different dimensions.
- Two-mask predictions are generated based on the set of two-mask images, and class data is selected based on these predictions to classify the source image.
---
- Potential Applications
- Image recognition systems
- Security systems
- Anti-adversarial attack technologies
- Problems Solved
- Defending against adversarial patch attacks
- Enhancing the accuracy of image classification systems
- Improving the security of sensor-based technologies
- Benefits
- Increased resilience against adversarial attacks
- Enhanced protection for sensitive data
- Improved performance of machine learning systems
- Potential Commercial Applications
- Enhancing Image Recognition Security with Two-Mask Technology
- Potential Commercial Applications
---
- Possible Prior Art
No prior art is known at this time.
---
- Unanswered Questions
- How does the system handle complex and overlapping masks in the image?
The patent application does not provide specific details on how the system deals with complex or overlapping masks in the image. Further clarification on this aspect would be beneficial.
- What is the computational overhead of generating and processing two-mask images?
The patent application does not discuss the computational resources required for generating and processing two-mask images. Understanding the computational overhead of this process is essential for assessing the practicality of implementing this technology.
Original Abstract Submitted
A computer-implemented system and method relate to certified defense against adversarial patch attacks. A set of one-mask images is generated using a first mask at a set of predetermined regions of a source image. The source image is obtained from a sensor. A set of one-mask predictions is generated, via a machine learning system, based on the set of one-mask images. A first one-mask image is extracted from the set of one-mask images. The first one-mask image is associated with a first one-mask prediction that is identified as a minority amongst the set of one-mask predictions. A set of two-mask images is generated by masking the first one-mask image using a set of second masks. The set of second masks include at least a first submask and a second submask in which a dimension of the first submask is less than a dimension of the first mask. A set of two-mask predictions is generated based on the set of two-mask images. Class data, which classifies the source image, is selected based on the set of two-mask predictions.
