Diffusion Models for Adversarial Purification
Authors: Weili Nie, Brandon Guo, Yujia Huang, Chaowei Xiao, Arash Vahdat, Animashree Anandkumar
ICML 2022
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on three image datasets including CIFAR-10, ImageNet and CelebA-HQ with three classifier architectures including ResNet, WideResNet and ViT demonstrate that our method achieves the state-of-the-art results, outperforming current adversarial training and adversarial purification methods, often by a large margin. |
| Researcher Affiliation | Collaboration | NVIDIA, Caltech, ASU. |
| Pseudocode | No | The paper describes mathematical equations and processes but does not include any clearly labeled pseudocode or algorithm blocks. |
| Open Source Code | No | Project page: https://diffpure.github.io. |
| Open Datasets | Yes | We consider three datasets for evaluation: CIFAR-10 (Krizhevsky, 2009), CelebA-HQ (Karras et al., 2018), and ImageNet (Deng et al., 2009). |
| Dataset Splits | Yes | Particularly, we compare with the state-of-the-art defense methods reported by the standardized benchmark RobustBench (Croce et al., 2020) on CIFAR-10 and ImageNet while comparing with other adversarial purification methods on CIFAR-10 and CelebA-HQ following their settings. |
| Hardware Specification | Yes | Table 14. Inference time with DiffPure (t > 0) and without DiffPure (t = 0) for a single image on an NVIDIA V100 GPU |
| Software Dependencies | No | In experiments, we use the adjoint framework for SDEs named sdeint_adjoint in the torchsde library: https://github.com/google-research/torchsde for both adversarial purification and gradient evaluation. |
| Experiment Setup | Yes | In our method, the diffusion timestep is t = 0.1. (from Table 1 caption) |
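The diffusion timestep t = 0.1 quoted above determines how much noise DiffPure injects before denoising. As a minimal sketch of what diffusing an input to t = 0.1 means, the snippet below implements the closed-form VP-SDE forward step, assuming the linear noise schedule of Song et al. (beta_min = 0.1, beta_max = 20); those schedule constants and all function names are assumptions for illustration, not taken from this report.

```python
import numpy as np

# Assumed linear VP-SDE schedule constants (Song et al.); not stated in the report.
BETA_MIN, BETA_MAX = 0.1, 20.0

def alpha_bar(t):
    """Closed-form alpha(t) = exp(-integral_0^t beta(s) ds) for the linear schedule."""
    return np.exp(-(BETA_MIN * t + 0.5 * (BETA_MAX - BETA_MIN) * t ** 2))

def diffuse(x0, t, rng):
    """Diffuse a clean (possibly adversarial) input x0 forward to timestep t."""
    a = alpha_bar(t)
    noise = rng.standard_normal(x0.shape)
    return np.sqrt(a) * x0 + np.sqrt(1.0 - a) * noise

rng = np.random.default_rng(0)
x0 = rng.standard_normal((3, 32, 32))   # stand-in for a CIFAR-10 image tensor
xt = diffuse(x0, t=0.1, rng=rng)        # t = 0.1 as in the Table 1 caption
print(round(float(alpha_bar(0.1)), 4))  # fraction of signal variance retained
```

Under this assumed schedule, roughly 90% of the signal variance survives at t = 0.1, which is why a small timestep suffices to wash out adversarial perturbations while leaving the image recoverable by the reverse SDE.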