NAPPure: Adversarial Purification for Robust Image Classification under Non-Additive Perturbations
- URL: http://arxiv.org/abs/2510.14025v1
- Date: Wed, 15 Oct 2025 19:05:59 GMT
- Title: NAPPure: Adversarial Purification for Robust Image Classification under Non-Additive Perturbations
- Authors: Junjie Nan, Jianing Li, Wei Chen, Mingkun Zhang, Xueqi Cheng
- Abstract summary: We propose an extended adversarial purification framework named NAPPure, which can handle non-additive perturbations. Experiments on GTSRB and CIFAR-10 datasets show that NAPPure significantly boosts the robustness of image classification models against non-additive perturbations.
- Score: 51.835201929946294
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Adversarial purification has achieved great success in combating adversarial image perturbations, which are usually assumed to be additive. However, non-additive adversarial perturbations such as blur, occlusion, and distortion are also common in the real world. Under such perturbations, existing adversarial purification methods are much less effective since they are designed to fit the additive nature. In this paper, we propose an extended adversarial purification framework named NAPPure, which can further handle non-additive perturbations. Specifically, we first establish the generation process of an adversarial image, and then disentangle the underlying clean image and perturbation parameters through likelihood maximization. Experiments on GTSRB and CIFAR-10 datasets show that NAPPure significantly boosts the robustness of image classification models against non-additive perturbations.
Related papers
- Dual Attention Guided Defense Against Malicious Edits [70.17363183107604]
We propose a Dual Attention-Guided Noise Perturbation (DANP) immunization method that adds imperceptible perturbations to disrupt the model's semantic understanding and generation process. Our method exhibits impressive immunity against malicious edits, and extensive experiments confirm that our method achieves state-of-the-art performance.
arXiv Detail & Related papers (2025-12-16T12:01:28Z)
- Towards Robust Defense against Customization via Protective Perturbation Resistant to Diffusion-based Purification [20.862062527487794]
Protective perturbations mitigate image misuse by injecting imperceptible adversarial noise. Purification can remove protective perturbations, thereby exposing images again to the risk of malicious forgery. AntiPure embeds imperceptible perturbations that persist under representative purification settings, achieving effective post-customization distortion.
arXiv Detail & Related papers (2025-09-17T11:30:13Z)
- Active Adversarial Noise Suppression for Image Forgery Localization [56.98050814363447]
We introduce an Adversarial Noise Suppression Module (ANSM) that generates a defensive perturbation to suppress the attack effect of adversarial noise. To our best knowledge, this is the first report of adversarial defense in image forgery localization tasks.
arXiv Detail & Related papers (2025-06-15T14:53:27Z)
- Gradient-Free Adversarial Purification with Diffusion Models [26.591092007972325]
Adversarial training and adversarial purification are widely used to enhance model robustness against adversarial attacks. In this paper, we propose an effective and efficient defense framework that counters both perturbation-based and unrestricted adversarial attacks.
arXiv Detail & Related papers (2025-01-23T02:34:14Z)
- High-Frequency Anti-DreamBooth: Robust Defense against Personalized Image Synthesis [12.555117983678624]
We propose a new adversarial attack method that adds strong perturbation on the high-frequency areas of images to make it more robust to adversarial purification.
Our experiment showed that the adversarial images retained noise even after adversarial purification, hindering malicious image generation.
arXiv Detail & Related papers (2024-09-12T15:58:28Z)
- Adv-Diffusion: Imperceptible Adversarial Face Identity Attack via Latent Diffusion Model [61.53213964333474]
We propose a unified framework Adv-Diffusion that can generate imperceptible adversarial identity perturbations in the latent space but not the raw pixel space.
Specifically, we propose the identity-sensitive conditioned diffusion generative model to generate semantic perturbations in the surroundings.
The designed adaptive strength-based adversarial perturbation algorithm can ensure both attack transferability and stealthiness.
arXiv Detail & Related papers (2023-12-18T15:25:23Z)
- Adversarial Purification of Information Masking [8.253834429336656]
Adversarial attacks generate minuscule, imperceptible perturbations to images to deceive neural networks.
Counteracting these, adversarial purification methods seek to transform adversarial input samples into clean output images to defend against adversarial attacks.
We propose a novel adversarial purification approach named Information Mask Purification (IMPure) to extensively eliminate adversarial perturbations.
arXiv Detail & Related papers (2023-11-26T15:50:19Z)
- Content-based Unrestricted Adversarial Attack [53.181920529225906]
We propose a novel unrestricted attack framework called Content-based Unrestricted Adversarial Attack.
By leveraging a low-dimensional manifold that represents natural images, we map the images onto the manifold and optimize them along its adversarial direction.
arXiv Detail & Related papers (2023-05-18T02:57:43Z)
- Guided Diffusion Model for Adversarial Purification [103.4596751105955]
Adversarial attacks disturb deep neural networks (DNNs) in various algorithms and frameworks.
We propose a novel purification approach, referred to as guided diffusion model for purification (GDMP).
On our comprehensive experiments across various datasets, the proposed GDMP is shown to reduce the perturbations raised by adversarial attacks to a shallow range.
arXiv Detail & Related papers (2022-05-30T10:11:15Z)
This list is automatically generated from the titles and abstracts of the papers in this site.