Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance
- Autores
- Bai, Mingyuan; Huang, Wei; Li, Tenghui; Wang, Andong; Gao, Junbin; Caiafa, César Federico; Zhao, Qibin
- Año de publicación
- 2024
- Idioma
- inglés
- Tipo de recurso
- documento de conferencia
- Estado
- versión publicada
- Descripción
- In adversarial defense, adversarial purification can be viewed as a special generation task with the purpose to remove adversarial attacks and dif- fusion models excel in adversarial purification for their strong generative power. With different predetermined generation requirements, various types of guidance have been proposed, but few of them focuses on adversarial purification. In this work, we propose to guide diffusion mod- els for adversarial purification using contrastive guidance. We theoretically derive the proper noise level added in the forward process diffu- sion models for adversarial purification from a feature learning perspective. For the reverse pro- cess, it is implied that the role of contrastive loss guidance is to facilitate the evolution towards the signal direction. From the theoretical findings and implications, we design the forward process with the proper amount of Gaussian noise added and the reverse process with the gradient of contrastive loss as the guidance of diffusion models for adversarial purification. Empirically, exten- sive experiments on CIFAR-10, CIFAR-100, the German Traffic Sign Recognition Benchmark and ImageNet datasets with ResNet and WideResNet classifiers show that our method outperforms most of current adversarial training and adversarial purification methods by a large improvement.
Fil: Bai, Mingyuan. Riken. Center of Advanced Intelligence Project; Japón
Fil: Huang, Wei. Riken. Center of Advanced Intelligence Project; Japón
Fil: Li, Tenghui. Riken. Center of Advanced Intelligence Project; Japón
Fil: Wang, Andong. Riken. Center of Advanced Intelligence Project; Japón
Fil: Gao, Junbin. The University of Sydney; Australia
Fil: Caiafa, César Federico. Provincia de Buenos Aires. Gobernación. Comisión de Investigaciones Científicas. Instituto Argentino de Radioastronomía. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - La Plata. Instituto Argentino de Radioastronomía; Argentina
Fil: Zhao, Qibin. Riken. Center of Advanced Intelligence Project; Japón
41st International Conference on Machine Learning
Viena
Austria
Carnegie Mellen University - Materia
-
stable diffusion
adversarial attacks
purification
artificial intelligence - Nivel de accesibilidad
- acceso abierto
- Condiciones de uso
- https://creativecommons.org/licenses/by-nc-sa/2.5/ar/
- Repositorio
.jpg)
- Institución
- Consejo Nacional de Investigaciones Científicas y Técnicas
- OAI Identificador
- oai:ri.conicet.gov.ar:11336/241923
Ver los metadatos del registro completo
| id |
CONICETDig_2d180a78b2ffc31f7ff7127c50435f0e |
|---|---|
| oai_identifier_str |
oai:ri.conicet.gov.ar:11336/241923 |
| network_acronym_str |
CONICETDig |
| repository_id_str |
3498 |
| network_name_str |
CONICET Digital (CONICET) |
| spelling |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to AdvanceBai, MingyuanHuang, WeiLi, TenghuiWang, AndongGao, JunbinCaiafa, César FedericoZhao, Qibinstable diffusionadversarial attackspurificationartificial intelligencehttps://purl.org/becyt/ford/1.2https://purl.org/becyt/ford/1In adversarial defense, adversarial purification can be viewed as a special generation task with the purpose to remove adversarial attacks and dif- fusion models excel in adversarial purification for their strong generative power. With different predetermined generation requirements, various types of guidance have been proposed, but few of them focuses on adversarial purification. In this work, we propose to guide diffusion mod- els for adversarial purification using contrastive guidance. We theoretically derive the proper noise level added in the forward process diffu- sion models for adversarial purification from a feature learning perspective. For the reverse pro- cess, it is implied that the role of contrastive loss guidance is to facilitate the evolution towards the signal direction. From the theoretical findings and implications, we design the forward process with the proper amount of Gaussian noise added and the reverse process with the gradient of contrastive loss as the guidance of diffusion models for adversarial purification. Empirically, exten- sive experiments on CIFAR-10, CIFAR-100, the German Traffic Sign Recognition Benchmark and ImageNet datasets with ResNet and WideResNet classifiers show that our method outperforms most of current adversarial training and adversarial purification methods by a large improvement.Fil: Bai, Mingyuan. Riken. Center of Advanced Intelligence Project; JapónFil: Huang, Wei. Riken. Center of Advanced Intelligence Project; JapónFil: Li, Tenghui. Riken. Center of Advanced Intelligence Project; JapónFil: Wang, Andong. Riken. Center of Advanced Intelligence Project; JapónFil: Gao, Junbin. The University of Sydney; AustraliaFil: Caiafa, César Federico. Provincia de Buenos Aires. Gobernación. Comisión de Investigaciones Científicas. Instituto Argentino de Radioastronomía. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - La Plata. Instituto Argentino de Radioastronomía; ArgentinaFil: Zhao, Qibin. Riken. Center of Advanced Intelligence Project; Japón41st International Conference on Machine LearningVienaAustriaCarnegie Mellen UniversityMLR pressSalakhutdino, Ruslan2024info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/conferenceObjectConferenciaJournalhttp://purl.org/coar/resource_type/c_5794info:ar-repo/semantics/documentoDeConferenciaapplication/pdfapplication/pdfhttp://hdl.handle.net/11336/241923Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance; 41st International Conference on Machine Learning; Viena; Austria; 2024; 1-172640-3498CONICET DigitalCONICETenginfo:eu-repo/semantics/altIdentifier/url/https://icml.ccinfo:eu-repo/semantics/altIdentifier/url/https://icml.cc/virtual/2024/poster/35110info:eu-repo/semantics/altIdentifier/url/https://proceedings.mlr.press/v235/bai24b.htmlInternacionalinfo:eu-repo/semantics/openAccesshttps://creativecommons.org/licenses/by-nc-sa/2.5/ar/reponame:CONICET Digital (CONICET)instname:Consejo Nacional de Investigaciones Científicas y Técnicas2025-09-29T10:01:41Zoai:ri.conicet.gov.ar:11336/241923instacron:CONICETInstitucionalhttp://ri.conicet.gov.ar/Organismo científico-tecnológicoNo correspondehttp://ri.conicet.gov.ar/oai/requestdasensio@conicet.gov.ar; lcarlino@conicet.gov.arArgentinaNo correspondeNo correspondeNo correspondeopendoar:34982025-09-29 10:01:42.191CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicasfalse |
| dc.title.none.fl_str_mv |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance |
| title |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance |
| spellingShingle |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance Bai, Mingyuan stable diffusion adversarial attacks purification artificial intelligence |
| title_short |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance |
| title_full |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance |
| title_fullStr |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance |
| title_full_unstemmed |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance |
| title_sort |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance |
| dc.creator.none.fl_str_mv |
Bai, Mingyuan Huang, Wei Li, Tenghui Wang, Andong Gao, Junbin Caiafa, César Federico Zhao, Qibin |
| author |
Bai, Mingyuan |
| author_facet |
Bai, Mingyuan Huang, Wei Li, Tenghui Wang, Andong Gao, Junbin Caiafa, César Federico Zhao, Qibin |
| author_role |
author |
| author2 |
Huang, Wei Li, Tenghui Wang, Andong Gao, Junbin Caiafa, César Federico Zhao, Qibin |
| author2_role |
author author author author author author |
| dc.contributor.none.fl_str_mv |
Salakhutdino, Ruslan |
| dc.subject.none.fl_str_mv |
stable diffusion adversarial attacks purification artificial intelligence |
| topic |
stable diffusion adversarial attacks purification artificial intelligence |
| purl_subject.fl_str_mv |
https://purl.org/becyt/ford/1.2 https://purl.org/becyt/ford/1 |
| dc.description.none.fl_txt_mv |
In adversarial defense, adversarial purification can be viewed as a special generation task with the purpose to remove adversarial attacks and dif- fusion models excel in adversarial purification for their strong generative power. With different predetermined generation requirements, various types of guidance have been proposed, but few of them focuses on adversarial purification. In this work, we propose to guide diffusion mod- els for adversarial purification using contrastive guidance. We theoretically derive the proper noise level added in the forward process diffu- sion models for adversarial purification from a feature learning perspective. For the reverse pro- cess, it is implied that the role of contrastive loss guidance is to facilitate the evolution towards the signal direction. From the theoretical findings and implications, we design the forward process with the proper amount of Gaussian noise added and the reverse process with the gradient of contrastive loss as the guidance of diffusion models for adversarial purification. Empirically, exten- sive experiments on CIFAR-10, CIFAR-100, the German Traffic Sign Recognition Benchmark and ImageNet datasets with ResNet and WideResNet classifiers show that our method outperforms most of current adversarial training and adversarial purification methods by a large improvement. Fil: Bai, Mingyuan. Riken. Center of Advanced Intelligence Project; Japón Fil: Huang, Wei. Riken. Center of Advanced Intelligence Project; Japón Fil: Li, Tenghui. Riken. Center of Advanced Intelligence Project; Japón Fil: Wang, Andong. Riken. Center of Advanced Intelligence Project; Japón Fil: Gao, Junbin. The University of Sydney; Australia Fil: Caiafa, César Federico. Provincia de Buenos Aires. Gobernación. Comisión de Investigaciones Científicas. Instituto Argentino de Radioastronomía. Consejo Nacional de Investigaciones Científicas y Técnicas. Centro Científico Tecnológico Conicet - La Plata. Instituto Argentino de Radioastronomía; Argentina Fil: Zhao, Qibin. Riken. Center of Advanced Intelligence Project; Japón 41st International Conference on Machine Learning Viena Austria Carnegie Mellen University |
| description |
In adversarial defense, adversarial purification can be viewed as a special generation task with the purpose to remove adversarial attacks and dif- fusion models excel in adversarial purification for their strong generative power. With different predetermined generation requirements, various types of guidance have been proposed, but few of them focuses on adversarial purification. In this work, we propose to guide diffusion mod- els for adversarial purification using contrastive guidance. We theoretically derive the proper noise level added in the forward process diffu- sion models for adversarial purification from a feature learning perspective. For the reverse pro- cess, it is implied that the role of contrastive loss guidance is to facilitate the evolution towards the signal direction. From the theoretical findings and implications, we design the forward process with the proper amount of Gaussian noise added and the reverse process with the gradient of contrastive loss as the guidance of diffusion models for adversarial purification. Empirically, exten- sive experiments on CIFAR-10, CIFAR-100, the German Traffic Sign Recognition Benchmark and ImageNet datasets with ResNet and WideResNet classifiers show that our method outperforms most of current adversarial training and adversarial purification methods by a large improvement. |
| publishDate |
2024 |
| dc.date.none.fl_str_mv |
2024 |
| dc.type.none.fl_str_mv |
info:eu-repo/semantics/publishedVersion info:eu-repo/semantics/conferenceObject Conferencia Journal http://purl.org/coar/resource_type/c_5794 info:ar-repo/semantics/documentoDeConferencia |
| status_str |
publishedVersion |
| format |
conferenceObject |
| dc.identifier.none.fl_str_mv |
http://hdl.handle.net/11336/241923 Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance; 41st International Conference on Machine Learning; Viena; Austria; 2024; 1-17 2640-3498 CONICET Digital CONICET |
| url |
http://hdl.handle.net/11336/241923 |
| identifier_str_mv |
Diffusion Models Demand Contrastive Guidance for Adversarial Purification to Advance; 41st International Conference on Machine Learning; Viena; Austria; 2024; 1-17 2640-3498 CONICET Digital CONICET |
| dc.language.none.fl_str_mv |
eng |
| language |
eng |
| dc.relation.none.fl_str_mv |
info:eu-repo/semantics/altIdentifier/url/https://icml.cc info:eu-repo/semantics/altIdentifier/url/https://icml.cc/virtual/2024/poster/35110 info:eu-repo/semantics/altIdentifier/url/https://proceedings.mlr.press/v235/bai24b.html |
| dc.rights.none.fl_str_mv |
info:eu-repo/semantics/openAccess https://creativecommons.org/licenses/by-nc-sa/2.5/ar/ |
| eu_rights_str_mv |
openAccess |
| rights_invalid_str_mv |
https://creativecommons.org/licenses/by-nc-sa/2.5/ar/ |
| dc.format.none.fl_str_mv |
application/pdf application/pdf |
| dc.coverage.none.fl_str_mv |
Internacional |
| dc.publisher.none.fl_str_mv |
MLR press |
| publisher.none.fl_str_mv |
MLR press |
| dc.source.none.fl_str_mv |
reponame:CONICET Digital (CONICET) instname:Consejo Nacional de Investigaciones Científicas y Técnicas |
| reponame_str |
CONICET Digital (CONICET) |
| collection |
CONICET Digital (CONICET) |
| instname_str |
Consejo Nacional de Investigaciones Científicas y Técnicas |
| repository.name.fl_str_mv |
CONICET Digital (CONICET) - Consejo Nacional de Investigaciones Científicas y Técnicas |
| repository.mail.fl_str_mv |
dasensio@conicet.gov.ar; lcarlino@conicet.gov.ar |
| _version_ |
1844613813651898368 |
| score |
13.069144 |