Neural networks are infamously sensitive to small perturbations in their inputs, making them vulnerable to adversarial attacks. This project evaluates the performance of Denoising Diffusion Probabilistic Models (DDPM) as a purification technique to defend against adversarial attacks. This works by adding noise to an adversarial example before removing it through the reverse process of the diffusion model. We evaluate the approach on the PatchCamelyon data set for histopathologic scans of lymph node sections and find an improvement of the robust accuracy by up to 88% of the original model's accuracy, constituting a considerable improvement over the vanilla model and our baselines. The project code is located at https://github.com/ankile/Adversarial-Diffusion.
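The noising-then-denoising step the abstract describes, written out as an added example that is not code from the paper's repository: the input is diffused forward to a chosen timestep t* with the closed-form q(x_t | x_0), then the ancestral DDPM reverse process is run back to t = 0, and the result is what the classifier would consume. The clean-data prior (an isotropic Gaussian), the noise predictor (the closed-form optimal predictor for that prior, standing in for a trained epsilon-network), the perturbation and the schedule constants are all constructed here so the script runs offline with only numpy.

```python
"""Added example (not from the paper's repository): DDPM-style purification
on a toy numpy diffusion model. The clean-data prior, noise predictor and
"adversarial" perturbation are constructed here so the script runs offline;
a real deployment would swap in the trained epsilon-network of the DDPM.
"""
import numpy as np


def make_schedule(T=1000, beta_start=1e-4, beta_end=0.02):
    """Linear variance schedule beta_t with alpha_t = 1 - beta_t and
    alpha_bar_t = prod_{s<=t} alpha_s (Ho et al. 2020 conventions, 0-indexed)."""
    betas = np.linspace(beta_start, beta_end, T)
    alphas = 1.0 - betas
    alpha_bars = np.cumprod(alphas)
    return betas, alphas, alpha_bars


def forward_noise(x0, t, alpha_bars, rng):
    """q(x_t | x_0): x_t = sqrt(alpha_bar_t) x_0 + sqrt(1 - alpha_bar_t) eps.
    This single jump is the 'add noise to the adversarial example' step."""
    eps = rng.standard_normal(x0.shape)
    x_t = np.sqrt(alpha_bars[t]) * x0 + np.sqrt(1.0 - alpha_bars[t]) * eps
    return x_t, eps


def predict_x0(x_t, eps_hat, t, alpha_bars):
    """Invert the forward formula given a noise estimate eps_hat."""
    return (x_t - np.sqrt(1.0 - alpha_bars[t]) * eps_hat) / np.sqrt(alpha_bars[t])


def reverse_step(x_t, t, eps_hat, betas, alphas, alpha_bars, rng):
    """One ancestral DDPM step x_t -> x_{t-1} from the predicted noise;
    sigma_t^2 = beta_t, and no noise is added on the final step."""
    mean = (x_t - betas[t] / np.sqrt(1.0 - alpha_bars[t]) * eps_hat) / np.sqrt(alphas[t])
    if t == 0:
        return mean
    return mean + np.sqrt(betas[t]) * rng.standard_normal(x_t.shape)


def purify(x_adv, t_star, eps_model, schedule, rng):
    """Diffuse the input to timestep t_star, then run the reverse process
    back to t = 0. The purified sample is what the classifier should see."""
    betas, alphas, alpha_bars = schedule
    x_t, _ = forward_noise(x_adv, t_star, alpha_bars, rng)
    for t in range(t_star, -1, -1):
        x_t = reverse_step(x_t, t, eps_model(x_t, t), betas, alphas, alpha_bars, rng)
    return x_t


def optimal_eps_for_gaussian(mu, sigma, alpha_bars):
    """Closed-form E[eps | x_t] when clean data are N(mu, sigma^2 I).
    Constructed stand-in for the trained epsilon-network: it is the optimal
    predictor for this toy prior only, so purified samples collapse toward
    the Gaussian rather than to a denoised image."""
    def eps_model(x_t, t):
        a2 = alpha_bars[t]
        b2 = 1.0 - a2
        a = np.sqrt(a2)
        # Gaussian posterior mean of x_0 given x_t under the toy prior
        x0_hat = (mu * b2 + a * sigma ** 2 * x_t) / (b2 + a2 * sigma ** 2)
        return (x_t - a * x0_hat) / np.sqrt(b2)
    return eps_model


def roundtrip_error(seed=1, dim=16, t=500):
    """Sanity check on the forward formula: with the true noise, predict_x0
    recovers x_0 up to floating-point error."""
    rng = np.random.default_rng(seed)
    _, _, alpha_bars = make_schedule()
    x0 = rng.standard_normal(dim)
    x_t, eps = forward_noise(x0, t, alpha_bars, rng)
    return float(np.max(np.abs(predict_x0(x_t, eps, t, alpha_bars) - x0)))


def demo(seed=0, dim=64, t_star=300):
    """Constructed scenario: a tight Gaussian 'data manifold', a clean point,
    a fixed-magnitude sign pattern standing in for an adversarial delta, and
    the purified result. Returns the mean absolute deviation from mu before
    and after purification."""
    rng = np.random.default_rng(seed)
    schedule = make_schedule()
    mu, sigma = 0.0, 0.1
    x_clean = mu + sigma * rng.standard_normal(dim)
    delta = 0.5 * np.sign(rng.standard_normal(dim))  # constructed perturbation
    x_adv = x_clean + delta
    eps_model = optimal_eps_for_gaussian(mu, sigma, schedule[2])
    x_pur = purify(x_adv, t_star, eps_model, schedule, rng)
    return {
        "adv_dev": float(np.mean(np.abs(x_adv - mu))),
        "pur_dev": float(np.mean(np.abs(x_pur - mu))),
    }


if __name__ == "__main__":
    print(demo())
```

The choice of t* is the defender's main knob: too small and the forward noise does not swamp the perturbation, too large and the reverse process discards the information the classifier needs, which is why the robust-accuracy figure in the abstract has to be read against the clean accuracy at the same setting.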