ADBM: Adversarial diffusion bridge model for reliable adversarial purification
Recently Diffusion-based Purification (DiffPure) has been recognized as an effective defense method against adversarial examples. However, we find DiffPure which directly employs the original pre-trained diffusion models for adversarial purification, to be suboptimal. This is due to an inherent trad...
Gespeichert in:
| Hauptverfasser: | , , , , , , , |
|---|---|
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Li, Xiao Sun, Wenxuan Chen, Huanran Li, Qiongxiu Liu, Yining He, Yingzhe Shi, Jie Hu, Xiaolin |
| description | Recently Diffusion-based Purification (DiffPure) has been recognized as an
effective defense method against adversarial examples. However, we find
DiffPure which directly employs the original pre-trained diffusion models for
adversarial purification, to be suboptimal. This is due to an inherent
trade-off between noise purification performance and data recovery quality.
Additionally, the reliability of existing evaluations for DiffPure is
questionable, as they rely on weak adaptive attacks. In this work, we propose a
novel Adversarial Diffusion Bridge Model, termed ADBM. ADBM directly constructs
a reverse bridge from the diffused adversarial data back to its original clean
examples, enhancing the purification capabilities of the original diffusion
models. Through theoretical analysis and experimental validation across various
scenarios, ADBM has proven to be a superior and robust defense mechanism,
offering significant promise for practical applications. |
| doi_str_mv | 10.48550/arxiv.2408.00315 |
| format | Article |
| fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_2408_00315</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2408_00315</sourcerecordid><originalsourceid>FETCH-arxiv_primary_2408_003153</originalsourceid><addsrcrecordid>eNpjYJA0NNAzsTA1NdBPLKrILNMzMjGw0DMwMDY05WTwc3Rx8rVScEwpSy0qTizKTMxRSMlMSystzszPU0gqykxJT1XIzU9JzVFIyy9SKErNyUxMyklVSERSX1BalJmWmZxYAtTCw8CalphTnMoLpbkZ5N1cQ5w9dME2xxcUZeYmFlXGg1wQD3aBMWEVAFq0O-o</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>ADBM: Adversarial diffusion bridge model for reliable adversarial purification</title><source>arXiv.org</source><creator>Li, Xiao ; Sun, Wenxuan ; Chen, Huanran ; Li, Qiongxiu ; Liu, Yining ; He, Yingzhe ; Shi, Jie ; Hu, Xiaolin</creator><creatorcontrib>Li, Xiao ; Sun, Wenxuan ; Chen, Huanran ; Li, Qiongxiu ; Liu, Yining ; He, Yingzhe ; Shi, Jie ; Hu, Xiaolin</creatorcontrib><description>Recently Diffusion-based Purification (DiffPure) has been recognized as an
effective defense method against adversarial examples. However, we find
DiffPure which directly employs the original pre-trained diffusion models for
adversarial purification, to be suboptimal. This is due to an inherent
trade-off between noise purification performance and data recovery quality.
Additionally, the reliability of existing evaluations for DiffPure is
questionable, as they rely on weak adaptive attacks. In this work, we propose a
novel Adversarial Diffusion Bridge Model, termed ADBM. ADBM directly constructs
a reverse bridge from the diffused adversarial data back to its original clean
examples, enhancing the purification capabilities of the original diffusion
models. Through theoretical analysis and experimental validation across various
scenarios, ADBM has proven to be a superior and robust defense mechanism,
offering significant promise for practical applications.</description><identifier>DOI: 10.48550/arxiv.2408.00315</identifier><language>eng</language><subject>Computer Science - Artificial Intelligence ; Computer Science - Computer Vision and Pattern Recognition ; Computer Science - Learning</subject><creationdate>2024-08</creationdate><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,782,887</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/2408.00315$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.2408.00315$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Li, Xiao</creatorcontrib><creatorcontrib>Sun, Wenxuan</creatorcontrib><creatorcontrib>Chen, Huanran</creatorcontrib><creatorcontrib>Li, Qiongxiu</creatorcontrib><creatorcontrib>Liu, Yining</creatorcontrib><creatorcontrib>He, Yingzhe</creatorcontrib><creatorcontrib>Shi, Jie</creatorcontrib><creatorcontrib>Hu, Xiaolin</creatorcontrib><title>ADBM: Adversarial diffusion bridge model for reliable adversarial purification</title><description>Recently Diffusion-based Purification (DiffPure) has been recognized as an
effective defense method against adversarial examples. However, we find
DiffPure which directly employs the original pre-trained diffusion models for
adversarial purification, to be suboptimal. This is due to an inherent
trade-off between noise purification performance and data recovery quality.
Additionally, the reliability of existing evaluations for DiffPure is
questionable, as they rely on weak adaptive attacks. In this work, we propose a
novel Adversarial Diffusion Bridge Model, termed ADBM. ADBM directly constructs
a reverse bridge from the diffused adversarial data back to its original clean
examples, enhancing the purification capabilities of the original diffusion
models. Through theoretical analysis and experimental validation across various
scenarios, ADBM has proven to be a superior and robust defense mechanism,
offering significant promise for practical applications.</description><subject>Computer Science - Artificial Intelligence</subject><subject>Computer Science - Computer Vision and Pattern Recognition</subject><subject>Computer Science - Learning</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNpjYJA0NNAzsTA1NdBPLKrILNMzMjGw0DMwMDY05WTwc3Rx8rVScEwpSy0qTizKTMxRSMlMSystzszPU0gqykxJT1XIzU9JzVFIyy9SKErNyUxMyklVSERSX1BalJmWmZxYAtTCw8CalphTnMoLpbkZ5N1cQ5w9dME2xxcUZeYmFlXGg1wQD3aBMWEVAFq0O-o</recordid><startdate>20240801</startdate><enddate>20240801</enddate><creator>Li, Xiao</creator><creator>Sun, Wenxuan</creator><creator>Chen, Huanran</creator><creator>Li, Qiongxiu</creator><creator>Liu, Yining</creator><creator>He, Yingzhe</creator><creator>Shi, Jie</creator><creator>Hu, Xiaolin</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20240801</creationdate><title>ADBM: Adversarial diffusion bridge model for reliable adversarial purification</title><author>Li, Xiao ; Sun, Wenxuan ; Chen, Huanran ; Li, Qiongxiu ; Liu, Yining ; He, Yingzhe ; Shi, Jie ; Hu, Xiaolin</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-arxiv_primary_2408_003153</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Computer Science - Artificial Intelligence</topic><topic>Computer Science - Computer Vision and Pattern Recognition</topic><topic>Computer Science - Learning</topic><toplevel>online_resources</toplevel><creatorcontrib>Li, Xiao</creatorcontrib><creatorcontrib>Sun, Wenxuan</creatorcontrib><creatorcontrib>Chen, Huanran</creatorcontrib><creatorcontrib>Li, Qiongxiu</creatorcontrib><creatorcontrib>Liu, Yining</creatorcontrib><creatorcontrib>He, Yingzhe</creatorcontrib><creatorcontrib>Shi, Jie</creatorcontrib><creatorcontrib>Hu, Xiaolin</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Li, Xiao</au><au>Sun, Wenxuan</au><au>Chen, Huanran</au><au>Li, Qiongxiu</au><au>Liu, Yining</au><au>He, Yingzhe</au><au>Shi, Jie</au><au>Hu, Xiaolin</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>ADBM: Adversarial diffusion bridge model for reliable adversarial purification</atitle><date>2024-08-01</date><risdate>2024</risdate><abstract>Recently Diffusion-based Purification (DiffPure) has been recognized as an
effective defense method against adversarial examples. However, we find
DiffPure which directly employs the original pre-trained diffusion models for
adversarial purification, to be suboptimal. This is due to an inherent
trade-off between noise purification performance and data recovery quality.
Additionally, the reliability of existing evaluations for DiffPure is
questionable, as they rely on weak adaptive attacks. In this work, we propose a
novel Adversarial Diffusion Bridge Model, termed ADBM. ADBM directly constructs
a reverse bridge from the diffused adversarial data back to its original clean
examples, enhancing the purification capabilities of the original diffusion
models. Through theoretical analysis and experimental validation across various
scenarios, ADBM has proven to be a superior and robust defense mechanism,
offering significant promise for practical applications.</abstract><doi>10.48550/arxiv.2408.00315</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | DOI: 10.48550/arxiv.2408.00315 |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_arxiv_primary_2408_00315 |
| source | arXiv.org |
| subjects | Computer Science - Artificial Intelligence Computer Science - Computer Vision and Pattern Recognition Computer Science - Learning |
| title | ADBM: Adversarial diffusion bridge model for reliable adversarial purification |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-04T20%3A13%3A37IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=ADBM:%20Adversarial%20diffusion%20bridge%20model%20for%20reliable%20adversarial%20purification&rft.au=Li,%20Xiao&rft.date=2024-08-01&rft_id=info:doi/10.48550/arxiv.2408.00315&rft_dat=%3Carxiv_GOX%3E2408_00315%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |