ML Anthology

Certified Patch Robustness via Smoothed Vision Transformers

Hadi Salman, Saachi Jain, Eric Wong, Aleksander Madry
CVPR 2022 pp. 15137-15147
doi:10.1109/CVPR52688.2022.01471 /cvpr/2022/salman2022cvpr-certified/

Abstract

Certified patch defenses can guarantee robustness of an image classifier to arbitrary changes within a bounded contiguous region. But, currently, this robustness comes at a cost of degraded standard accuracies and slower inference times. We demonstrate how using vision transformers enables significantly better certified patch robustness that is also more computationally efficient and does not incur a substantial drop in standard accuracy. These improvements stem from the inherent ability of the vision transformer to gracefully handle largely masked images.

PDF CVPR Semantic Scholar

Cite

Text

Salman et al. "Certified Patch Robustness via Smoothed Vision Transformers." Conference on Computer Vision and Pattern Recognition, 2022. doi:10.1109/CVPR52688.2022.01471

Markdown

[Salman et al. "Certified Patch Robustness via Smoothed Vision Transformers." Conference on Computer Vision and Pattern Recognition, 2022.](https://mlanthology.org/cvpr/2022/salman2022cvpr-certified/) doi:10.1109/CVPR52688.2022.01471

BibTeX

@inproceedings{salman2022cvpr-certified,
  title     = {{Certified Patch Robustness via Smoothed Vision Transformers}},
  author    = {Salman, Hadi and Jain, Saachi and Wong, Eric and Madry, Aleksander},
  booktitle = {Conference on Computer Vision and Pattern Recognition},
  year      = {2022},
  pages     = {15137-15147},
  doi       = {10.1109/CVPR52688.2022.01471},
  url       = {https://mlanthology.org/cvpr/2022/salman2022cvpr-certified/}
}