Adversarial Purification using Diffusion Models

  • Published 7 Feb 2025
  • SPAAM Seminar Series 5/12/2024
    Title: Adversarial Purification using Diffusion Models
    Speaker: Matt Bowditch, University of Warwick (MathSys)
    Abstract: Neural network-based image classification models have been shown to be vulnerable to adversarial attacks, which is a large concern if they are to be used in a real-world setting. Small, carefully crafted pixel perturbations can be subtly introduced to an image by an attacker, deceiving these classifiers while preserving the image’s visual similarity to the original. One recent approach seeks to defend against such attacks by introducing a diffusion model before classification. This diffusion model acts as a "purifier", removing adversarial perturbations from the image prior to classification. In this talk, I will explore this method and discuss potential modifications to improve its effectiveness. These modifications utilise methods that change the semantic content of images during the reverse diffusion process.