Object detection models, which are widely used in various domains (such as retail), have been shown to be vulnerable to adversarial attacks. Existing methods for detecting adversarial attacks on object detectors have had difficulty detecting new real-life attacks. We present X-Detect, a novel adversarial patch detector that can: i) detect adversarial samples in real time, allowing the defender to take preventive action; ii) provide explanations for the alerts raised to support the defender's decision-making process; and iii) handle unfamiliar threats in the form of new attacks. Given a new scene, X-Detect uses an ensemble of explainable-by-design detectors that utilize object extraction, scene manipulation, and feature transformation techniques to determine whether an alert needs to be raised. X-Detect was evaluated in both the physical and digital space using five different attack scenarios (including adaptive attacks), the COCO dataset, and our new Superstore dataset. The physical evaluation was performed using a smart shopping cart setup in real-world settings and included 17 adversarial patch attacks recorded in 1,700 adversarial videos. The results showed that X-Detect outperforms the state-of-the-art methods in distinguishing between benign and adversarial scenes for all attack scenarios while maintaining a 0% FPR (no false alarms) and providing actionable explanations for the alerts raised. A demo is available.