	US 12,236,695 B2
	System and method with masking for certified defense against adversarial patch attacks
Shuhua Yu, Pittsburgh, PA (US); Aniruddha Saha, Elkridge, MD (US); Chaithanya Kumar Mummadi, Pittsburgh, PA (US); and Wan-Yi Lin, Wexford, PA (US)
Assigned to Robert Bosch GmbH, Stuttgart (DE)
Filed by Robert Bosch GmbH, Stuttgart (DE)
Filed on Sep. 21, 2022, as Appl. No. 17/949,980.
Prior Publication US 2024/0096120 A1, Mar. 21, 2024
Int. Cl. G06V 20/00 (2022.01); G06V 10/22 (2022.01); G06V 10/26 (2022.01); G06V 10/764 (2022.01); G06V 20/52 (2022.01)

CPC G06V 20/95 (2022.01) [G06V 10/22 (2022.01); G06V 10/267 (2022.01); G06V 10/764 (2022.01); G06V 20/52 (2022.01)]

20 Claims

1. A computer-implemented method for defending against adversarial patch attacks, the method comprising:

receiving a source image obtained from a sensor;

generating a set of one-mask images using a first mask at a set of predetermined regions of the source image;

generating, via a machine learning system, a set of one-mask predictions based on the set of one-mask images;

extracting a first one-mask image from the set of one-mask images, the first one-mask image being associated with a first one-mask prediction that is identified as a minority amongst the set of one-mask predictions;

generating a set of two-mask images by masking the first one-mask image using a set of second masks at the set of predetermined regions, the set of second masks including at least a first submask and a second submask in which a dimension of the first submask is less than a dimension of the first mask;

generating, via the machine learning system, a set of two-mask predictions based on the set of two-mask images; and

selecting class data that classifies the source image based on the set of two-mask predictions.