US 12,242,657 B2
Method and system of crown based for adversarial attacks
Leslie Rice, Pittsburgh, PA (US); Huan Zhang, Pittsburgh, PA (US); Wan-Yi Lin, Wexford, PA (US); and Jeremy Kolter, Pittsburgh, PA (US)
Assigned to Robert Bosch GmbH, (DE); and Carnegie Mellon University
Filed by Robert Bosch GmbH, Stuttgart (DE); and Carnegie Mellon University, Pittsburgh, PA (US)
Filed on Jul. 26, 2022, as Appl. No. 17/873,661.
Prior Publication US 2024/0037282 A1, Feb. 1, 2024
Int. Cl. G06V 10/44 (2022.01); G06F 21/64 (2013.01); G06V 10/764 (2022.01)
CPC G06F 21/64 (2013.01) [G06V 10/454 (2022.01); G06V 10/764 (2022.01)] 20 Claims
OG exemplary drawing
 
1. A method of identifying an attack comprising:
receiving an input of one or more images, wherein the one or more images includes a patch size and size;
dividing one of the one or more images into a first sub-image and a second sub-image;
dividing a domain of a verification problem into a plurality of sub-domains;
verifying the first sub-image and the second sub-image until all sub-domains are certified or split until each sub-domain contains only one patch location;
classifying the first sub-image and the second sub-image, wherein classifying is accomplished via introducing a Boolean variable in a pixel location associated with the first and second sub-image, wherein the Boolean variable identifies the pixel location; and
in response to classifying the first and second sub-image and identifying an adversarial patch, outputting a notification indicating that the input is not certified.