Random Sampling for Diffusion-based Adversarial Purification Article Swipe
Jiancheng Zhang
,
Peiran Dong
,
Yongyong Chen
,
Yin‐Ping Zhao
,
Song Guo
·
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2411.18956
YOU?
·
· 2024
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2411.18956
Denoising Diffusion Probabilistic Models (DDPMs) have gained great attention in adversarial purification. Current diffusion-based works focus on designing effective condition-guided mechanisms while ignoring a fundamental problem, i.e., the original DDPM sampling is intended for stable generation, which may not be the optimal solution for adversarial purification. Inspired by the stability of the Denoising Diffusion Implicit Model (DDIM), we propose an opposite sampling scheme called random sampling. In brief, random sampling will sample from a random noisy space during each diffusion process, while DDPM and DDIM sampling will continuously sample from the adjacent or original noisy space. Thus, random sampling obtains more randomness and achieves stronger robustness against adversarial attacks. Correspondingly, we also introduce a novel mediator conditional guidance to guarantee the consistency of the prediction under the purified image and clean image input. To expand awareness of guided diffusion purification, we conduct a detailed evaluation with different sampling methods and our random sampling achieves an impressive improvement in multiple settings. Leveraging mediator-guided random sampling, we also establish a baseline method named DiffAP, which significantly outperforms state-of-the-art (SOTA) approaches in performance and defensive stability. Remarkably, under strong attack, our DiffAP even achieves a more than 20% robustness advantage with 10$\times$ sampling acceleration.
Related Topics
Concepts
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2411.18956
- https://arxiv.org/pdf/2411.18956
- OA Status
- green
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W4405030097
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4405030097Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2411.18956Digital Object Identifier
- Title
-
Random Sampling for Diffusion-based Adversarial PurificationWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2024Year of publication
- Publication date
-
2024-11-28Full publication date if available
- Authors
-
Jiancheng Zhang, Peiran Dong, Yongyong Chen, Yin‐Ping Zhao, Song GuoList of authors in order
- Landing page
-
https://arxiv.org/abs/2411.18956Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2411.18956Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2411.18956Direct OA link when available
- Concepts
-
Adversarial system, Sampling (signal processing), Diffusion, Statistical physics, Computer science, Statistics, Mathematics, Algorithm, Artificial intelligence, Physics, Thermodynamics, Computer vision, Filter (signal processing)Top concepts (fields/topics) attached by OpenAlex
- Cited by
-
0Total citation count in OpenAlex
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W4405030097 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2411.18956 |
| ids.doi | https://doi.org/10.48550/arxiv.2411.18956 |
| ids.openalex | https://openalex.org/W4405030097 |
| fwci | |
| type | preprint |
| title | Random Sampling for Diffusion-based Adversarial Purification |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11689 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.953000009059906 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Adversarial Robustness in Machine Learning |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C37736160 |
| concepts[0].level | 2 |
| concepts[0].score | 0.7419037818908691 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q1801315 |
| concepts[0].display_name | Adversarial system |
| concepts[1].id | https://openalex.org/C140779682 |
| concepts[1].level | 3 |
| concepts[1].score | 0.6521094441413879 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q210868 |
| concepts[1].display_name | Sampling (signal processing) |
| concepts[2].id | https://openalex.org/C69357855 |
| concepts[2].level | 2 |
| concepts[2].score | 0.5924810171127319 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q163214 |
| concepts[2].display_name | Diffusion |
| concepts[3].id | https://openalex.org/C121864883 |
| concepts[3].level | 1 |
| concepts[3].score | 0.4646579325199127 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q677916 |
| concepts[3].display_name | Statistical physics |
| concepts[4].id | https://openalex.org/C41008148 |
| concepts[4].level | 0 |
| concepts[4].score | 0.41965121030807495 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[4].display_name | Computer science |
| concepts[5].id | https://openalex.org/C105795698 |
| concepts[5].level | 1 |
| concepts[5].score | 0.3977668583393097 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q12483 |
| concepts[5].display_name | Statistics |
| concepts[6].id | https://openalex.org/C33923547 |
| concepts[6].level | 0 |
| concepts[6].score | 0.3810690939426422 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q395 |
| concepts[6].display_name | Mathematics |
| concepts[7].id | https://openalex.org/C11413529 |
| concepts[7].level | 1 |
| concepts[7].score | 0.32532835006713867 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q8366 |
| concepts[7].display_name | Algorithm |
| concepts[8].id | https://openalex.org/C154945302 |
| concepts[8].level | 1 |
| concepts[8].score | 0.2572479546070099 |
| concepts[8].wikidata | https://www.wikidata.org/wiki/Q11660 |
| concepts[8].display_name | Artificial intelligence |
| concepts[9].id | https://openalex.org/C121332964 |
| concepts[9].level | 0 |
| concepts[9].score | 0.2051151692867279 |
| concepts[9].wikidata | https://www.wikidata.org/wiki/Q413 |
| concepts[9].display_name | Physics |
| concepts[10].id | https://openalex.org/C97355855 |
| concepts[10].level | 1 |
| concepts[10].score | 0.10256034135818481 |
| concepts[10].wikidata | https://www.wikidata.org/wiki/Q11473 |
| concepts[10].display_name | Thermodynamics |
| concepts[11].id | https://openalex.org/C31972630 |
| concepts[11].level | 1 |
| concepts[11].score | 0.09011968970298767 |
| concepts[11].wikidata | https://www.wikidata.org/wiki/Q844240 |
| concepts[11].display_name | Computer vision |
| concepts[12].id | https://openalex.org/C106131492 |
| concepts[12].level | 2 |
| concepts[12].score | 0.0 |
| concepts[12].wikidata | https://www.wikidata.org/wiki/Q3072260 |
| concepts[12].display_name | Filter (signal processing) |
| keywords[0].id | https://openalex.org/keywords/adversarial-system |
| keywords[0].score | 0.7419037818908691 |
| keywords[0].display_name | Adversarial system |
| keywords[1].id | https://openalex.org/keywords/sampling |
| keywords[1].score | 0.6521094441413879 |
| keywords[1].display_name | Sampling (signal processing) |
| keywords[2].id | https://openalex.org/keywords/diffusion |
| keywords[2].score | 0.5924810171127319 |
| keywords[2].display_name | Diffusion |
| keywords[3].id | https://openalex.org/keywords/statistical-physics |
| keywords[3].score | 0.4646579325199127 |
| keywords[3].display_name | Statistical physics |
| keywords[4].id | https://openalex.org/keywords/computer-science |
| keywords[4].score | 0.41965121030807495 |
| keywords[4].display_name | Computer science |
| keywords[5].id | https://openalex.org/keywords/statistics |
| keywords[5].score | 0.3977668583393097 |
| keywords[5].display_name | Statistics |
| keywords[6].id | https://openalex.org/keywords/mathematics |
| keywords[6].score | 0.3810690939426422 |
| keywords[6].display_name | Mathematics |
| keywords[7].id | https://openalex.org/keywords/algorithm |
| keywords[7].score | 0.32532835006713867 |
| keywords[7].display_name | Algorithm |
| keywords[8].id | https://openalex.org/keywords/artificial-intelligence |
| keywords[8].score | 0.2572479546070099 |
| keywords[8].display_name | Artificial intelligence |
| keywords[9].id | https://openalex.org/keywords/physics |
| keywords[9].score | 0.2051151692867279 |
| keywords[9].display_name | Physics |
| keywords[10].id | https://openalex.org/keywords/thermodynamics |
| keywords[10].score | 0.10256034135818481 |
| keywords[10].display_name | Thermodynamics |
| keywords[11].id | https://openalex.org/keywords/computer-vision |
| keywords[11].score | 0.09011968970298767 |
| keywords[11].display_name | Computer vision |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2411.18956 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2411.18956 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | text |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2411.18956 |
| locations[1].id | doi:10.48550/arxiv.2411.18956 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2411.18956 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5101647934 |
| authorships[0].author.orcid | https://orcid.org/0009-0000-5545-3566 |
| authorships[0].author.display_name | Jiancheng Zhang |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Zhang, Jiancheng |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5079721189 |
| authorships[1].author.orcid | https://orcid.org/0000-0002-1129-9218 |
| authorships[1].author.display_name | Peiran Dong |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Dong, Peiran |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5031480448 |
| authorships[2].author.orcid | https://orcid.org/0000-0003-1970-1993 |
| authorships[2].author.display_name | Yongyong Chen |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Chen, Yongyong |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5056087679 |
| authorships[3].author.orcid | https://orcid.org/0000-0003-2766-5689 |
| authorships[3].author.display_name | Yin‐Ping Zhao |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Zhao, Yin-Ping |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5043464306 |
| authorships[4].author.orcid | https://orcid.org/0000-0001-9831-2202 |
| authorships[4].author.display_name | Song Guo |
| authorships[4].author_position | last |
| authorships[4].raw_author_name | Guo, Song |
| authorships[4].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2411.18956 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Random Sampling for Diffusion-based Adversarial Purification |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11689 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.953000009059906 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Adversarial Robustness in Machine Learning |
| related_works | https://openalex.org/W2502115930, https://openalex.org/W2482350142, https://openalex.org/W4246396837, https://openalex.org/W3126451824, https://openalex.org/W1561927205, https://openalex.org/W3191453585, https://openalex.org/W4297672492, https://openalex.org/W4310988119, https://openalex.org/W4285226279, https://openalex.org/W3107697994 |
| cited_by_count | 0 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2411.18956 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2411.18956 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | text |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2411.18956 |
| primary_location.id | pmh:oai:arXiv.org:2411.18956 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2411.18956 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | text |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2411.18956 |
| publication_date | 2024-11-28 |
| publication_year | 2024 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 23, 73, 113, 142, 167, 191 |
| abstract_inverted_index.In | 66 |
| abstract_inverted_index.To | 133 |
| abstract_inverted_index.an | 59, 154 |
| abstract_inverted_index.be | 39 |
| abstract_inverted_index.by | 47 |
| abstract_inverted_index.in | 9, 157, 178 |
| abstract_inverted_index.is | 31 |
| abstract_inverted_index.of | 50, 122, 136 |
| abstract_inverted_index.on | 16 |
| abstract_inverted_index.or | 92 |
| abstract_inverted_index.to | 118 |
| abstract_inverted_index.we | 57, 110, 140, 164 |
| abstract_inverted_index.20% | 194 |
| abstract_inverted_index.and | 83, 102, 129, 149, 180 |
| abstract_inverted_index.for | 33, 43 |
| abstract_inverted_index.may | 37 |
| abstract_inverted_index.not | 38 |
| abstract_inverted_index.our | 150, 187 |
| abstract_inverted_index.the | 27, 40, 48, 51, 90, 120, 123, 126 |
| abstract_inverted_index.DDIM | 84 |
| abstract_inverted_index.DDPM | 29, 82 |
| abstract_inverted_index.also | 111, 165 |
| abstract_inverted_index.each | 78 |
| abstract_inverted_index.even | 189 |
| abstract_inverted_index.from | 72, 89 |
| abstract_inverted_index.have | 5 |
| abstract_inverted_index.more | 100, 192 |
| abstract_inverted_index.than | 193 |
| abstract_inverted_index.will | 70, 86 |
| abstract_inverted_index.with | 145, 197 |
| abstract_inverted_index.Model | 55 |
| abstract_inverted_index.Thus, | 96 |
| abstract_inverted_index.clean | 130 |
| abstract_inverted_index.focus | 15 |
| abstract_inverted_index.great | 7 |
| abstract_inverted_index.i.e., | 26 |
| abstract_inverted_index.image | 128, 131 |
| abstract_inverted_index.named | 170 |
| abstract_inverted_index.noisy | 75, 94 |
| abstract_inverted_index.novel | 114 |
| abstract_inverted_index.space | 76 |
| abstract_inverted_index.under | 125, 184 |
| abstract_inverted_index.which | 36, 172 |
| abstract_inverted_index.while | 21, 81 |
| abstract_inverted_index.works | 14 |
| abstract_inverted_index.(SOTA) | 176 |
| abstract_inverted_index.DiffAP | 188 |
| abstract_inverted_index.Models | 3 |
| abstract_inverted_index.brief, | 67 |
| abstract_inverted_index.called | 63 |
| abstract_inverted_index.during | 77 |
| abstract_inverted_index.expand | 134 |
| abstract_inverted_index.gained | 6 |
| abstract_inverted_index.guided | 137 |
| abstract_inverted_index.input. | 132 |
| abstract_inverted_index.method | 169 |
| abstract_inverted_index.random | 64, 68, 74, 97, 151, 162 |
| abstract_inverted_index.sample | 71, 88 |
| abstract_inverted_index.scheme | 62 |
| abstract_inverted_index.space. | 95 |
| abstract_inverted_index.stable | 34 |
| abstract_inverted_index.strong | 185 |
| abstract_inverted_index.(DDIM), | 56 |
| abstract_inverted_index.(DDPMs) | 4 |
| abstract_inverted_index.Current | 12 |
| abstract_inverted_index.DiffAP, | 171 |
| abstract_inverted_index.against | 106 |
| abstract_inverted_index.attack, | 186 |
| abstract_inverted_index.conduct | 141 |
| abstract_inverted_index.methods | 148 |
| abstract_inverted_index.obtains | 99 |
| abstract_inverted_index.optimal | 41 |
| abstract_inverted_index.propose | 58 |
| abstract_inverted_index.Implicit | 54 |
| abstract_inverted_index.Inspired | 46 |
| abstract_inverted_index.achieves | 103, 153, 190 |
| abstract_inverted_index.adjacent | 91 |
| abstract_inverted_index.attacks. | 108 |
| abstract_inverted_index.baseline | 168 |
| abstract_inverted_index.detailed | 143 |
| abstract_inverted_index.guidance | 117 |
| abstract_inverted_index.ignoring | 22 |
| abstract_inverted_index.intended | 32 |
| abstract_inverted_index.mediator | 115 |
| abstract_inverted_index.multiple | 158 |
| abstract_inverted_index.opposite | 60 |
| abstract_inverted_index.original | 28, 93 |
| abstract_inverted_index.problem, | 25 |
| abstract_inverted_index.process, | 80 |
| abstract_inverted_index.purified | 127 |
| abstract_inverted_index.sampling | 30, 61, 69, 85, 98, 147, 152, 199 |
| abstract_inverted_index.solution | 42 |
| abstract_inverted_index.stronger | 104 |
| abstract_inverted_index.Denoising | 0, 52 |
| abstract_inverted_index.Diffusion | 1, 53 |
| abstract_inverted_index.advantage | 196 |
| abstract_inverted_index.attention | 8 |
| abstract_inverted_index.awareness | 135 |
| abstract_inverted_index.defensive | 181 |
| abstract_inverted_index.designing | 17 |
| abstract_inverted_index.different | 146 |
| abstract_inverted_index.diffusion | 79, 138 |
| abstract_inverted_index.effective | 18 |
| abstract_inverted_index.establish | 166 |
| abstract_inverted_index.guarantee | 119 |
| abstract_inverted_index.introduce | 112 |
| abstract_inverted_index.sampling, | 163 |
| abstract_inverted_index.sampling. | 65 |
| abstract_inverted_index.settings. | 159 |
| abstract_inverted_index.stability | 49 |
| abstract_inverted_index.10$\times$ | 198 |
| abstract_inverted_index.Leveraging | 160 |
| abstract_inverted_index.approaches | 177 |
| abstract_inverted_index.evaluation | 144 |
| abstract_inverted_index.impressive | 155 |
| abstract_inverted_index.mechanisms | 20 |
| abstract_inverted_index.prediction | 124 |
| abstract_inverted_index.randomness | 101 |
| abstract_inverted_index.robustness | 105, 195 |
| abstract_inverted_index.stability. | 182 |
| abstract_inverted_index.Remarkably, | 183 |
| abstract_inverted_index.adversarial | 10, 44, 107 |
| abstract_inverted_index.conditional | 116 |
| abstract_inverted_index.consistency | 121 |
| abstract_inverted_index.fundamental | 24 |
| abstract_inverted_index.generation, | 35 |
| abstract_inverted_index.improvement | 156 |
| abstract_inverted_index.outperforms | 174 |
| abstract_inverted_index.performance | 179 |
| abstract_inverted_index.continuously | 87 |
| abstract_inverted_index.Probabilistic | 2 |
| abstract_inverted_index.acceleration. | 200 |
| abstract_inverted_index.purification, | 139 |
| abstract_inverted_index.purification. | 11, 45 |
| abstract_inverted_index.significantly | 173 |
| abstract_inverted_index.diffusion-based | 13 |
| abstract_inverted_index.mediator-guided | 161 |
| abstract_inverted_index.Correspondingly, | 109 |
| abstract_inverted_index.condition-guided | 19 |
| abstract_inverted_index.state-of-the-art | 175 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 5 |
| citation_normalized_percentile |