Go to DBLP homepageVulnerability of CNNs against Multi-Patch Attacks
Abstract: Convolutional Neural Networks have become an integral part of anomaly detection in Cyber-Physical Systems (CPS). Although highly accurate, the advent of adversarial patches exposed the vulnerability of CNNs, posing a security concern for safety-critical CPS. The current form of patch attacks often involves only a single adversarial patch. Using multiple patches enables the attacker to craft a stronger adversary by utilizing various combinations of the patches and their respective locations. Moreover, mitigating multiple patches is a challenging task in practice due to the nascence of the domain. In this work, we present three novel ways to perform an attack with multiple patches: Split, Mono-Multi, and Poly-Multi attacks. We also propose a search method named 'Boundary Space Search (BSS)' for the placement of patches to enhance the attack's efficacy further, experimenting on EuroSAT, Imagenette, and CIFAR10 datasets for various perturbation levels across diverse model architectures. The results show that the Poly-Multi attack outperforms other multi-patch and single-patch attacks and the best perception stealth to surpass the detection. We also highlight the trade-off between the number of patches and the patch size in a Multi-Patch attack. In the end, we analyze the ability of the Multi-Patch attack to overcome state-of-the-art defenses designed for single patch attacks.
Loading