Timezone: »

 
Spotlight
Diffusion Models for Adversarial Purification
Weili Nie · Brandon Guo · Yujia Huang · Chaowei Xiao · Arash Vahdat · Animashree Anandkumar

Thu Jul 21 07:50 AM -- 07:55 AM (PDT) @ Room 301 - 303
in DL: Generative Models and Autoencoders »

Adversarial purification refers to a class of defense methods that remove adversarial perturbations using a generative model. These methods do not make assumptions on the form of attack and the classification model, and thus can defend pre-existing classifiers against unseen threats. However, their performance currently falls behind adversarial training methods. In this work, we propose DiffPure that uses diffusion models for adversarial purification: Given an adversarial example, we first diffuse it with a small amount of noise following a forward diffusion process, and then recover the clean image through a reverse generative process. To evaluate our method against strong adaptive attacks in an efficient and scalable way, we propose to use the adjoint method to compute full gradients of the reverse generative process. Extensive experiments on three image datasets including CIFAR-10, ImageNet and CelebA-HQ with three classifier architectures including ResNet, WideResNet and ViT demonstrate that our method achieves the state-of-the-art results, outperforming current adversarial training and adversarial purification methods, often by a large margin.

Keywords: Deep Learning · DL: Generative Models and Autoencoders · DL: Robustness

Author Information

Weili Nie (NVIDIA)
Brandon Guo (Caltech)
Yujia Huang (California Institute of Technology)

Working on generative models, model brain connection using DNN, high speed DNN computing architecture.

Chaowei Xiao (University of Michigan)
Arash Vahdat (NVIDIA Research)
Animashree Anandkumar (Caltech and NVIDIA)

Related Events (a corresponding poster, oral, or spotlight)

More from the Same Authors