A Dataset of Physical Adversarial Attacks on Object Detection

Physical adversarial attacks threaten to fool object detection systems, but reproducible research on the real-world effectiveness of physical patches and how to defend against them requires a publicly available benchmark dataset. APRICOT (Adversarial Patches Rearranged in COnText) is a dataset created to fill this gap.

The APRICOT dataset contains over 1000 images of printed adversarial patches in-the-wild. It is designed to be used in conjunction with the COCO dataset and COCO-trained object detection models. APRICOT was created both to study the robustness of adversarial patch attacks in real-world conditions and to enable development of defensive mechanism for object detectors. Previous studies of physical adversarial objects typically tested their attacks in digital experiments or in fairly constrained lab-like conditions. Our goal with APRICOT was to capture adversarial patches in more realistic conditions with wide variations in position, distance, lighting conditions, and viewing angles.

Full details of the APRICOT dataset can be found in our paper, where we also present several baseline strategies to defend against APRICOT patches. We hope that the APRICOT dataset will help enable future research into defenses against physical adversarial objects. The APRICOT dataset and annotations can be downloaded here.

An Object Detection Algorithm being tricked by an Adversarial Patch

Download Slides with Script