Adversarial Pixel Masking: A Defense against Physical A.acks for Pre-trained Object Detectors

Object detection based on pre-trained deep neural networks (DNNs) has achieved impressive performance and enabled many applications. However, DNN-based object detectors are shown to be vulnerable to physical adversarial attacks. Despite that recent e.orts have been made to defend against these attacks, they either use strong assumptions or become less e.ective with pre-trained object detectors. In this paper, we propose adversarial pixel masking (APM), a defense against physical attacks, which is designed specifically for pre-trained object detectors. APM does not require any assumptions beyond the "patch-like" nature of a physical attack and can work with di.erent pre-trained object detectors of di.erent architectures and weights, making it a practical solution in many applications. We conduct extensive experiments, and the empirical results show that APM can signi.cantly improve model robustness without signi.cantly degrading clean performance.