Real-World Adversarial Defense against Patch Attacks based on Diffusion Model

Adversarial patches present significant challenges to the robustness of deep learning models, making the development of effective defenses become critical for real-world applications. This paper introduces DIFFender, a novel DIFfusion-based DeFender framework that leverages the power of a text-guide...

Detailed description

Bibliographic details
Published in: IEEE transactions on pattern analysis and machine intelligence. - 1979. - PP(2025), dated 06 Aug.
Main author: Wei, Xingxing (Author)
Other authors: Kang, Caixin, Dong, Yinpeng, Wang, Zhengyi, Ruan, Shouwei, Chen, Yubo, Su, And Hang
Format: Online article
Language: English
Published: 2025
Access to the parent work: IEEE transactions on pattern analysis and machine intelligence
Subjects: Journal Article
LEADER 01000naa a22002652c 4500
001 NLM390739278
003 DE-627
005 20250807232433.0
007 cr uuu---uuuuu
008 250807s2025 xx |||||o 00| ||eng c
024 7 |a 10.1109/TPAMI.2025.3596462  |2 doi 
028 5 2 |a pubmed25n1523.xml 
035 |a (DE-627)NLM390739278 
035 |a (NLM)40768456 
040 |a DE-627  |b ger  |c DE-627  |e rakwb 
041 |a eng 
100 1 |a Wei, Xingxing  |e verfasserin  |4 aut 
245 1 0 |a Real-World Adversarial Defense against Patch Attacks based on Diffusion Model 
264 1 |c 2025 
336 |a Text  |b txt  |2 rdacontent 
337 |a ƒaComputermedien  |b c  |2 rdamedia 
338 |a ƒa Online-Ressource  |b cr  |2 rdacarrier 
500 |a Date Revised 06.08.2025 
500 |a published: Print-Electronic 
500 |a Citation Status Publisher 
520 |a Adversarial patches present significant challenges to the robustness of deep learning models, making the development of effective defenses become critical for real-world applications. This paper introduces DIFFender, a novel DIFfusion-based DeFender framework that leverages the power of a text-guided diffusion model to counter adversarial patch attacks. At the core of our approach is the discovery of the Adversarial Anomaly Perception (AAP) phenomenon, which enables the diffusion model to accurately detect and locate adversarial patches by analyzing distributional anomalies. DIFFender seamlessly integrates the tasks of patch localization and restoration within a unified diffusion model framework, enhancing defense efficacy through their close interaction. Additionally, DIFFender employs an efficient few-shot prompt-tuning algorithm, facilitating the adaptation of the pre-trained diffusion model to defense tasks without the need for extensive retraining. Our comprehensive evaluation, covering image classification and face recognition tasks, as well as real-world scenarios, demonstrates DIFFender's robust performance against adversarial attacks. The framework's versatility and generalizability across various settings, classifiers, and attack methodologies mark a significant advancement in adversarial patch defense strategies. Except for the popular visible domain, we have identified another advantage of DIFFender: its capability to easily expand into the infrared domain. Consequently, we demonstrate the good flexibility of DIFFender, which can defend against both infrared and visible adversarial patch attacks alternatively using a universal defense framework 
650 4 |a Journal Article 
700 1 |a Kang, Caixin  |e verfasserin  |4 aut 
700 1 |a Dong, Yinpeng  |e verfasserin  |4 aut 
700 1 |a Wang, Zhengyi  |e verfasserin  |4 aut 
700 1 |a Ruan, Shouwei  |e verfasserin  |4 aut 
700 1 |a Chen, Yubo  |e verfasserin  |4 aut 
700 1 |a Su, And Hang  |e verfasserin  |4 aut 
773 0 8 |i Enthalten in  |t IEEE transactions on pattern analysis and machine intelligence  |d 1979  |g PP(2025) vom: 06. Aug.  |w (DE-627)NLM098212257  |x 1939-3539  |7 nnas 
773 1 8 |g volume:PP  |g year:2025  |g day:06  |g month:08 
856 4 0 |u http://dx.doi.org/10.1109/TPAMI.2025.3596462  |3 Volltext 
912 |a GBV_USEFLAG_A 
912 |a SYSFLAG_A 
912 |a GBV_NLM 
912 |a GBV_ILN_350 
951 |a AR 
952 |d PP  |j 2025  |b 06  |c 08