Enhancing Adversarial Robustness via Score-Based Optimization
About
Adversarial attacks have the potential to mislead deep neural network classifiers by introducing slight perturbations. Developing algorithms that can mitigate the effects of these attacks is crucial for ensuring the safe use of artificial intelligence. Recent studies have suggested that score-based diffusion models are effective in adversarial defenses. However, existing diffusion-based defenses rely on the sequential simulation of the reversed stochastic differential equations of diffusion models, which are computationally inefficient and yield suboptimal results. In this paper, we introduce a novel adversarial defense scheme named ScoreOpt, which optimizes adversarial samples at test-time, towards original clean data in the direction guided by score-based priors. We conduct comprehensive experiments on multiple datasets, including CIFAR10, CIFAR100 and ImageNet. Our experimental results demonstrate that our approach outperforms existing adversarial defenses in terms of both robustness performance and inference speed.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Image Classification | CIFAR-10 | Clean Accuracy94.43 | 75 | |
| Image Classification | CIFAR10-C (test) | Accuracy (Gaussian)89.94 | 65 | |
| Image Classification | CIFAR-10C | Brightness Acc89.6 | 28 | |
| Image Classification | CIFAR-10 512-image subset (test) | Clean Accuracy93.44 | 26 | |
| Image Classification | CIFAR-10 (test) | Clean Accuracy93.94 | 12 | |
| Image Classification | CIFAR-10 l_inf threat model, epsilon=8/255 1.0 (test) | Standard Accuracy95.18 | 11 | |
| Image Classification | CIFAR-10 l2 threat model, epsilon=0.5 (test) | Standard Accuracy95.18 | 11 | |
| Image Classification | CIFAR-100 | Clean Accuracy74.18 | 10 | |
| Image Classification | CIFAR-10 (test) | Standard Accuracy93.1 | 8 | |
| Image Classification | Imagenette | Clean Accuracy76.4 | 5 |