Paper Title

Guided Diffusion Model for Adversarial Purification from Random Noise

Authors

Wu, Quanlin; Ye, Hang; Gu, Yuntian

Abstract

In this paper, we propose a novel guided diffusion purification approach to provide a strong defense against adversarial attacks. Our model achieves 89.62% robust accuracy under PGD-L_inf attack (eps = 8/255) on the CIFAR-10 dataset. We first explore the essential correlations between unguided diffusion models and randomized smoothing, enabling us to apply the models to certified robustness. The empirical results show that our models outperform randomized smoothing by 5% when the certified L2 radius r is larger than 0.5.
