Iterative Window Mean Filter: Thwarting Diffusion-based Adversarial Purification
- URL: http://arxiv.org/abs/2408.10673v3
- Date: Tue, 29 Oct 2024 14:46:36 GMT
- Title: Iterative Window Mean Filter: Thwarting Diffusion-based Adversarial Purification
- Authors: Hanrui Wang, Ruoxi Sun, Cunjian Chen, Minhui Xue, Lay-Ki Soon, Shuo Wang, Zhe Jin
- Abstract summary: Face authentication systems have become unreliable due to their sensitivity to inconspicuous perturbations, such as adversarial attacks.
We have developed a novel and highly efficient non-deep-learning-based image filter called the Iterative Window Mean Filter (IWMF).
We propose a new framework for adversarial purification, named IWMF-Diff, which integrates IWMF and denoising diffusion models.
- Score: 26.875621618432504
- License: http://creativecommons.org/publicdomain/zero/1.0/
- Abstract: Face authentication systems have brought significant convenience and advanced developments, yet they have become unreliable due to their sensitivity to inconspicuous perturbations, such as adversarial attacks. Existing defenses often exhibit weaknesses when facing various attack algorithms and adaptive attacks or compromise accuracy for enhanced security. To address these challenges, we have developed a novel and highly efficient non-deep-learning-based image filter called the Iterative Window Mean Filter (IWMF) and proposed a new framework for adversarial purification, named IWMF-Diff, which integrates IWMF and denoising diffusion models. These methods can function as pre-processing modules to eliminate adversarial perturbations without necessitating further modifications or retraining of the target system. We demonstrate that our proposed methodologies fulfill four critical requirements: preserved accuracy, improved security, generalizability to various threats in different settings, and better resistance to adaptive attacks. This performance surpasses that of the state-of-the-art adversarial purification method, DiffPure.
Related papers
- MMAD-Purify: A Precision-Optimized Framework for Efficient and Scalable Multi-Modal Attacks [21.227398434694724] (2024-10-17T23:52:39Z)
We introduce an innovative framework that incorporates a precision-optimized noise predictor to enhance the effectiveness of our attack framework.
Our framework provides a cutting-edge solution for multi-modal adversarial attacks, ensuring reduced latency.
We demonstrate that our framework achieves outstanding transferability and robustness against purification defenses.
- LightPure: Realtime Adversarial Image Purification for Mobile Devices Using Diffusion Models [1.6035624867835674] (2024-08-31T03:45:57Z)
This paper introduces LightPure, a new method that enhances adversarial image purification.
It improves the accuracy of existing purification methods and provides notable enhancements in speed and computational efficiency.
Our results show that LightPure can outperform existing methods by up to 10x in terms of latency.
- Watch the Watcher! Backdoor Attacks on Security-Enhancing Diffusion Models [65.30406788716104] (2024-06-14T02:39:43Z)
This work investigates the vulnerabilities of security-enhancing diffusion models.
We demonstrate that these models are highly susceptible to DIFF2, a simple yet effective backdoor attack.
Case studies show that DIFF2 can significantly reduce both post-purification and certified accuracy across benchmark datasets and models.
- MirrorCheck: Efficient Adversarial Defense for Vision-Language Models [55.73581212134293] (2024-06-13T15:55:04Z)
We propose a novel, yet elegantly simple approach for detecting adversarial samples in Vision-Language Models.
Our method leverages Text-to-Image (T2I) models to generate images based on captions produced by target VLMs.
Empirical evaluations conducted on different datasets validate the efficacy of our approach.
- Meta Invariance Defense Towards Generalizable Robustness to Unknown Adversarial Attacks [62.036798488144306] (2024-04-04T10:10:38Z)
Current defense mainly focuses on the known attacks, but the adversarial robustness to the unknown attacks is seriously overlooked.
We propose an attack-agnostic defense method named Meta Invariance Defense (MID).
We show that MID simultaneously achieves robustness to the imperceptible adversarial perturbations in high-level image classification and attack-suppression in low-level robust image regeneration.
- RADAP: A Robust and Adaptive Defense Against Diverse Adversarial Patches on Face Recognition [13.618387142029663] (2023-11-29T03:37:14Z)
Face recognition systems powered by deep learning are vulnerable to adversarial attacks.
We propose RADAP, a robust and adaptive defense mechanism against diverse adversarial patches.
We conduct comprehensive experiments to validate the effectiveness of RADAP.
- Adv-Attribute: Inconspicuous and Transferable Adversarial Attack on Face Recognition [111.1952945740271] (2022-10-13T09:56:36Z)
Adversarial Attributes (Adv-Attribute) is designed to generate inconspicuous and transferable attacks on face recognition.
Experiments on the FFHQ and CelebA-HQ datasets show that the proposed Adv-Attribute method achieves the state-of-the-art attacking success rates.
- Towards Adversarial Purification using Denoising AutoEncoders [0.8701566919381223] (2022-08-29T19:04:25Z)
Adversarial attacks are often obtained by making subtle perturbations to normal images, which are mostly imperceptible to humans.
We propose a framework, named APuDAE, leveraging Denoising AutoEncoders (DAEs) to purify these samples by using them in an adaptive way.
We show how our framework provides comparable and in most cases better performance to the baseline methods in purifying adversaries.
- Threat Model-Agnostic Adversarial Defense using Diffusion Models [14.603209216642034] (2022-07-17T06:50:48Z)
Deep Neural Networks (DNNs) are highly sensitive to imperceptible malicious perturbations, known as adversarial attacks.
- Adaptive Feature Alignment for Adversarial Training [56.17654691470554] (2021-05-31T17:01:05Z)
CNNs are typically vulnerable to adversarial attacks, which pose a threat to security-sensitive applications.
We propose the adaptive feature alignment (AFA) to generate features of arbitrary attacking strengths.
Our method is trained to automatically align features of arbitrary attacking strength.
- A Self-supervised Approach for Adversarial Robustness [105.88250594033053] (2020-06-08T20:42:39Z)
Adversarial examples can cause catastrophic mistakes in Deep Neural Network (DNN)-based vision systems.
This paper proposes a self-supervised adversarial training mechanism in the input space.
It provides significant robustness against unseen adversarial attacks.
This list is automatically generated from the titles and abstracts of the papers in this site.