no code implementations • ICLR 2021 • Jan Hendrik Metzen, Maksym Yatsura
Adversarial patches pose a realistic threat model for physical-world attacks on autonomous systems via their perception component.
no code implementations • 13 Sep 2022 • Maksym Yatsura, Kaspar Sakmann, N. Grace Hua, Matthias Hein, Jan Hendrik Metzen
Adversarial patch attacks are an emerging security threat for real-world deep learning applications.
1 code implementation • NeurIPS 2021 • Maksym Yatsura, Jan Hendrik Metzen, Matthias Hein
We demonstrate that plugging the learned controller into the attack consistently improves its black-box robustness estimate in different query regimes by up to 20% for a wide range of different models with black-box access.