Certifiable Patch Defense

Certifiable patch defense aims to develop robust image recognition systems that are resistant to adversarial attacks involving strategically placed patches designed to mislead the classifier. Current research focuses on developing patch-agnostic defense mechanisms, often employing Vision Transformers (ViTs) and incorporating techniques like derandomized smoothing to provide provable guarantees of robustness against a wide range of patch attacks. This area is crucial for improving the reliability and security of computer vision systems in real-world applications, particularly where physical attacks are a concern, by ensuring accurate classification even in the presence of malicious perturbations.