Guided diffusion-based adversarial purification model with denoised prior constraint

Adversarial attack has posed a significant threat to modern deep learning based models. Recently, various adversarial defending algorithms are proposed to tackle the problem.

Among them, diffusion-based adversarial purification approaches offer the most promising solutions. However, their effectiveness are limited due to the strong adversarial perturbations presented in attacked images. These adversarial signals hinder the introduction of guidance into diffusion models in order to improve the defence efficacy. In this paper, we propose a novel approach to embed reliable guidance into diffusion-based adversarial purification model to improve both its defence effectiveness and efficiency. In specific, we present a diffusion sampling guidance enhanced by a pretrained denoising network as a prior constraint to improve the adversarial defence performance. Experimental results convincingly demonstrate the superior performance of the proposed approach in terms of enhanced robustness to standard image classifiers when compared to state-of-the-art adversarial defence approaches.