Struggle with Adversarial Defense? Try Diffusion

arXiv:2404.08273v1 Announce Type: cross
Abstract: Adversarial attacks induce misclassification by introducing subtle perturbations. Recently, diffusion models are applied to the image classifiers to improve adversarial robustness through adversarial training or by purifying adversarial noise. However, diffusion-based adversarial training often encounters convergence challenges and high computational expenses. Additionally, diffusion-based purification inevitably causes data shift and is deemed susceptible to stronger adaptive attacks. To tackle these issues, we propose the Truth Maximization Diffusion Classifier (TMDC), a generative Bayesian classifier that builds upon …

adversarial adversarial attacks arxiv attacks challenges computational convergence cs.cr cs.cv data defense diffusion models expenses high image noise robustness training try