DorPatch: Distributed and Occlusion-Robust Adversarial Patch to Evade Certifiable Defenses
Chaoxiang He
Network and Distributed System Security (NDSS) Symposium 2024 · Day 3 · Adversarial ML
Deep neural networks (DNNs) have achieved widespread success, yet they remain highly susceptible to adversarial attacks. Among these, **adversarial patch attacks** are particularly concerning due to their physical realizability – a crafted sticker or paint applied to an object can cause a DNN to misclassify it. This talk introduces **DorPatch**, a novel and highly effective adversarial patch attack designed to challenge the integrity of state-of-the-art certifiable defenses. Specifically, DorPatch aims to evade defenses like **PatchCleanser** [64], which provide mathematical guarantees of robustness by assuming patches are spatially bounded.