Umeå University's logo

In the field of robotics, Artificial Intelligence based on Machine Learning and Deep Learning is a key enabling technology for robot navigation, interaction and task execution. Despite significant advances in AI, there remain notable hurdles in deploying AI algorithms in real-time safety-critical systems such as robotic systems, to achieve high levels of safety assurance in the presence of stringent hardware resource constraints. For Deep Learning-based perception based on computer vision, adversarial patch attacks have emerged as a potent technique for fooling classifiers by placing a patch on the input image, and defence techniques against such attacks is an active research topic. In this thesis, we address two research questions: RQ1: How do adversarial patch defence algorithms perform on different hardware platforms with varying computing capabilities? RQ2: How do heuristics-based adversarial defence algorithms perform with increasing patch sizes? To address RQ1, this thesis measures and compares among six well-known adversarial patch defence algorithms, including 14 models, on three different hardware platforms. Their performance in accuracy and processing time are compared and trade-offs are presented. To address RQ2, this thesis measures and compares accuracy and timing performance of a representative heuristics-based algorithm with increasing patch sizes, and compares the performance of masking-alone mitigation and Generative Adversarial Network (GAN)-based mitigation. The research results of this thesis aim to serve as a useful reference for the practical deployment of adversarial patch defence algorithms in robotic systems.