ADBM: Adversarial diffusion bridge model for reliable adversarial purification

๐Ÿ“… 2024-08-01
๐Ÿ›๏ธ arXiv.org
๐Ÿ“ˆ Citations: 1
โœจ Influential: 0
๐Ÿ“„ PDF
๐Ÿค– AI Summary
Existing diffusion-based purification methods (e.g., DiffPure) suffer from an inherent trade-off between adversarial noise removal and faithful reconstruction of clean data, while their evaluation relies on weak adaptive attacks, compromising robustness assessment. To address this, we propose the Adversarial Diffusion Bridge Model (ADBM), which constructs a direct reverse diffusion bridge from adversarial examples to clean samplesโ€”enabling, for the first time, decoupled noise suppression and structural fidelity preservation in pre-trained diffusion models for purification. ADBM is grounded in theoretically principled diffusion process reparameterization and adversarial bridge modeling, and introduces a rigorous robustness evaluation paradigm resistant to strong adaptive attacks. On CIFAR-10, CIFAR-100, and ImageNet, ADBM achieves an average purification accuracy 7.2% higher than DiffPure, while maintaining โ‰ฅ91.5% defense success rates against strong adaptive attacks.

Technology Category

Application Category

๐Ÿ“ Abstract
Recently Diffusion-based Purification (DiffPure) has been recognized as an effective defense method against adversarial examples. However, we find DiffPure which directly employs the original pre-trained diffusion models for adversarial purification, to be suboptimal. This is due to an inherent trade-off between noise purification performance and data recovery quality. Additionally, the reliability of existing evaluations for DiffPure is questionable, as they rely on weak adaptive attacks. In this work, we propose a novel Adversarial Diffusion Bridge Model, termed ADBM. ADBM directly constructs a reverse bridge from the diffused adversarial data back to its original clean examples, enhancing the purification capabilities of the original diffusion models. Through theoretical analysis and experimental validation across various scenarios, ADBM has proven to be a superior and robust defense mechanism, offering significant promise for practical applications.
Problem

Research questions and friction points this paper is trying to address.

Enhances diffusion-based adversarial purification
Improves data recovery and noise purification
Ensures reliability against strong adaptive attacks
Innovation

Methods, ideas, or system contributions that make the work stand out.

Adversarial Diffusion Bridge Model
reverse bridge construction
enhanced purification capabilities
๐Ÿ”Ž Similar Papers
No similar papers found.
Authors to Follow
X
Xiao Li
Tsinghua University
W
Wenxuan Sun
Tsinghua University, Peking University
Huanran Chen
Huanran Chen
PhD student, Tsinghua SAIL
Machine Learning TheoryOptimizationAI Safety
Q
Qiongxiu Li
Fudan University
Yining Liu
Yining Liu
Wenzhou University of Technology
VANET AuthenticationPrivacy-preserving data aggregationTrajectory privacy
Y
Yingzhe He
Huawei International, Singapore
J
Jie Shi
Huawei International, Singapore
X
Xiaolin Hu
Tsinghua University