TY - GEN
T1 - From Adversity to Advantage
T2 - 9th International Symposium on Cyber Security, Cryptology, and Machine Learning, CSCML 2025
AU - Kazoom, Roie
AU - Birman, Raz
AU - Hadar, Ofer
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.
PY - 2026/1/1
Y1 - 2026/1/1
N2 - Adversarial patch attacks threaten the reliability of object detectors by causing severe misclassifications, especially in safety-critical environments. In this work, we propose a comprehensive defense pipeline that not only restores detection performance but also significantly improves it. Our method leverages a latent diffusion model to recover semantically coherent regions affected by adversarial patches, leading to confidence gains of +26.61% for YOLOv5 and +26.91% for YOLOv7 - exceeding the models’ original predictions on clean images. In contrast to prior approaches that merely attempt restoration, we demonstrate that diffusion models can enhance object detection performance under attack, while maintaining practical efficiency with of inference time. We also present an optimized attack strategy based on EigenCAM and grid search, which identifies and targets the most vulnerable regions of the image. Experimental results show that our method consistently outperforms classical and recent defenses such as JPEG compression, spatial smoothing, SAC [17], and DIFFender [8], both in robustness and in detection confidence recovery. These findings highlight the potential of generative models not only for defense but for strengthening object detectors in adversarial scenarios.
KW - adversarial attacks
KW - adversarial patch defense
KW - detection confidence
KW - object detection
UR - https://www.scopus.com/pages/publications/105023421168
U2 - 10.1007/978-3-032-10759-6_7
DO - 10.1007/978-3-032-10759-6_7
M3 - Conference contribution
AN - SCOPUS:105023421168
SN - 9783032107589
T3 - Lecture Notes in Computer Science
SP - 104
EP - 121
BT - Cyber Security, Cryptology, and Machine Learning - 9th International Symposium, CSCML 2025, Proceedings
A2 - Akavia, Adi
A2 - Dolev, Shlomi
A2 - Lysyanskaya, Anna
A2 - Puzis, Rami
PB - Springer Science and Business Media Deutschland GmbH
Y2 - 4 December 2025 through 5 December 2025
ER -