Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et alK. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026..
Diffusion Models for Adversarial Purification
Authors: Weili Nie, Brandon Guo, Yujia Huang, Chaowei Xiao, Arash Vahdat, Animashree Anandkumar
ICML 2022 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on three image datasets including CIFAR10, Image Net and Celeb A-HQ with three classifier architectures including Res Net, Wide Res Net and Vi T demonstrate that our method achieves the state-of-the-art results, outperforming current adversarial training and adversarial purification methods, often by a large margin. |
| Researcher Affiliation | Collaboration | 1NVIDIA 2Caltech 3ASU. |
| Pseudocode | No | The paper describes mathematical equations and processes but does not include any clearly labeled pseudocode or algorithm blocks. |
| Open Source Code | No | Project page: https://diffpure.github.io. |
| Open Datasets | Yes | We consider three datasets for evaluation: CIFAR-10 (Krizhevsky, 2009), Celeb A-HQ (Karras et al., 2018), and Image Net (Deng et al., 2009). |
| Dataset Splits | Yes | Particularly, we compare with the state-of-the-art defense methods reported by the standardized benchmark Robust Bench (Croce et al., 2020) on CIFAR-10 and Image Net while comparing with other adversarial purification methods on CIFAR-10 and Celeb A-HQ following their settings. |
| Hardware Specification | Yes | Table 14. Inference time with Diff Pure (t > 0) and without Diff Pure (t = 0) for a single image on an NVIDIA V100 GPU |
| Software Dependencies | No | In experiments, we use the adjoint framework for SDEs named adjoint sdeint in the Torch SDE library: https://github.com/google-research/ torchsde for both adversarial purification and gradient evaluation. |
| Experiment Setup | Yes | In our method, the diffusion timestep is t = 0.1. (from Table 1 caption) |