Towards Better Adversarial Purification via Adversarial Denoising Diffusion Training

arXiv:2404.14309v1 Announce Type: new
Abstract: Recently, diffusion-based purification (DBP) has emerged as a promising approach for defending against adversarial attacks. However, previous studies have used questionable methods to evaluate the robustness of DBP models, their explanations of DBP robustness also lack experimental support. We re-examine DBP robustness using precise gradient, and discuss the impact of stochasticity on DBP robustness. To better explain DBP robustness, we assess DBP robustness under a novel attack setting, Deterministic White-box, and pinpoint stochasticity as the …

abstract adversarial adversarial attacks arxiv attacks cs.cv denoising diffusion experimental gradient however robustness studies support training type via