BEGIN:VCALENDAR
VERSION:2.0
PRODID:Linklings LLC
BEGIN:VTIMEZONE
TZID:America/Los_Angeles
X-LIC-LOCATION:America/Los_Angeles
BEGIN:DAYLIGHT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
TZNAME:PDT
DTSTART:19700308T020000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
TZNAME:PST
DTSTART:19701101T020000
RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20240626T180034Z
LOCATION:3002\, 3rd Floor
DTSTART;TZID=America/Los_Angeles:20240626T164500
DTEND;TZID=America/Los_Angeles:20240626T170000
UID:dac_DAC 2024_sess106_RESEARCH1264@linklings.com
SUMMARY:Defending against Adversarial Patches using Dimensionality Reducti
 on
DESCRIPTION:Research Manuscript\n\nNandish Chattopadhyay (New York Univers
 ity); Amira Guesmi and Muhammad Abdullah Hanif (New York University, Abu D
 habi); Bassem Ouni (Technology Innovation Institute); and Muhammad Shafiqu
 e (New York University, Abu Dhabi)\n\nreliable use of machine learning mod
 els. These attacks involve the strategic modification of localized patches
  or specific image areas to deceive trained machine learning models. In th
 is paper, we propose DefensiveDR, a practical mechanism using a dimensiona
 lity reduction technique to thwart such patch-based attacks. Our method in
 volves projecting the sample images onto a lower-dimensional space while r
 etaining essential information or variability for effective machine learni
 ng tasks. We perform this using two techniques, Singular Value Decompositi
 on and t-Distributed Stochastic Neighbour Embedding. We experimentally tun
 e the variability to be preserved for optimal performance as a hyper-param
 eter. This dimension reduction substantially mitigates adversarial perturb
 ations, thereby enhancing the robustness of the given machine learning mod
 el. Our defense is model-agnostic and operates without assumptions about a
 ccess to model decisions or model architectures, making it effective in bo
 th black-box and white-box settings. Furthermore, it maintains accuracy ac
 ross various models and remains robust against several unseen patch-based 
 attacks. The proposed defensive approach improves the accuracy from 38.8% 
 (without defense) to 66.2% (with defense) when performing LaVAN and Google
 Ap attacks, which supersedes that of the prominent state-of-the-art like L
 GS (53.86%) and Jujutsu (60%).\n\nTopic: AI, Security\n\nKeyword: AI/ML Se
 curity/Privacy\n\nSession Chair: Benjamin Tan (University of Calgary)
END:VEVENT
END:VCALENDAR