This work addresses the lack of certifiable robustness in multi-label image classification models against physically realizable adversarial patch attacks. Methodologically, it decouples multi-label classification into independent binary subproblems, integrates per-label interval propagation with joint certification optimization, and enables plug-and-play extension of arbitrary single-label certified defenses. It introduces the first tight certification strategy for the single-patch setting, incorporating PatchCleanser for provably clean inference. Evaluated on MS-COCO and PASCAL VOC, the framework achieves high clean accuracy while significantly improving certified robust accuracy—outperforming existing heuristic multi-label defense approaches.

Deep learning techniques have enabled vast improvements in computer vision technologies. Nevertheless, these models are vulnerable to adversarial patch attacks which catastrophically impair performance. The physically realizable nature of these attacks calls for certifiable defenses, which feature provable guarantees on robustness. While certifiable defenses have been successfully applied to single-label classification, limited work has been done for multi-label classification. In this work, we present PatchDEMUX, a certifiably robust framework for multi-label classifiers against adversarial patches. Our approach is a generalizable method which can extend any existing certifiable defense for single-label classification; this is done by considering the multi-label classification task as a series of isolated binary classification problems to provably guarantee robustness. Furthermore, in the scenario where an attacker is limited to a single patch we propose an additional certification procedure that can provide tighter robustness bounds. Using the current state-of-the-art (SOTA) single-label certifiable defense PatchCleanser as a backbone, we find that PatchDEMUX can achieve non-trivial robustness on the MS-COCO and PASCAL VOC datasets while maintaining high clean performance