Abstract
Adversarial patches are a threat to computer vision systems, as they can mislead a deep learning model by adding carefully designed stickers or patterns to images. This vulnerability poses a serious challenge to the application of DNNs in security-critical domains such as security vision systems and autonomous driving. Researchers are actively working on defense strategies to counter adversarial patches. In this paper, a plug-and-play defense method is proposed that combines traditional masking with purification techniques. We implement the defense by leveraging a credible attribution algorithm. Compared to other heuristic methods, our approach minimizes the destruction of input images, reduces the distribution shift introduced by masking, and offers attack-agnostic protection without a carefully designed deep learning model. Our evaluation shows that our approach successfully enhances the security of computer vision systems against adversarial patches, safeguarding their trustworthiness in various applications.
| Original language | English |
|---|---|
| Article number | 102720 |
| Journal | Displays |
| Volume | 83 |
| DOIs | |
| State | Published - Jul 2024 |
Keywords
- Adversarial defense
- Adversarial patch
- Deep learning
- Diffusion model
- Interpretability
Fingerprint
Dive into the research topics of 'Attribution guided purification against adversarial patch'. Together they form a unique fingerprint.