Object detection has found extensive applications in various tasks, but it is also susceptible to adversarial patch attacks. Existing defense methods often necessitate modifications to the target model or result in unacceptable time overhead. In this paper, we adopt a counterattack approach, following the principle of "fight fire with fire," and propose a novel and general methodology for defending adversarial attacks. We utilize an active defense strategy by injecting two types of defensive patches, canary and woodpecker, into the input to proactively probe or weaken potential adversarial patches without altering the target model. Moreover, inspired by randomization techniques employed in software security, we employ randomized canary and woodpecker injection patterns to defend against defense-aware attacks. The effectiveness and practicality of the proposed method are demonstrated through comprehensive experiments. The results illustrate that canary and woodpecker achieve high performance, even when confronted with unknown attack methods, while incurring limited time overhead. Furthermore, our method also exhibits sufficient robustness against defense-aware attacks, as evidenced by adaptive attack experiments.

翻译：目标检测已在各类任务中得到广泛应用，但其易受对抗性补丁攻击的影响。现有防御方法通常需要修改目标模型或产生难以接受的时间开销。本文采用反击策略，遵循"以火攻火"原则，提出一种新颖且通用的防御对抗攻击方法论。我们通过主动防御策略，在输入中注入两种防御补丁——金丝雀补丁和啄木鸟补丁，以主动探测或削弱潜在对抗性补丁，且无需修改目标模型。此外，受软件安全领域随机化技术的启发，我们采用随机化的金丝雀与啄木鸟注入模式来防御针对防御机制的感知攻击。通过全面实验验证了所提方法的有效性与实用性。结果表明，即使面对未知攻击方法，金丝雀补丁与啄木鸟补丁仍能实现高性能，且仅产生有限的时间开销。自适应攻击实验进一步证明，我们的方法对感知攻击具备充分的鲁棒性。