Enhancing Adversarial Robustness via Score-Based Optimization

TL;DR

This paper introduces ScoreOpt, a novel test-time adversarial defense method that leverages score-based priors to optimize adversarial samples, achieving superior robustness and efficiency over existing defenses.

Contribution

ScoreOpt is a new adversarial defense scheme that improves robustness and inference speed by optimizing adversarial samples towards clean data using score-based priors.

Findings

Outperforms existing defenses in robustness.

Achieves faster inference speeds.

Effective on CIFAR10, CIFAR100, and ImageNet.

Abstract

Adversarial attacks have the potential to mislead deep neural network classifiers by introducing slight perturbations. Developing algorithms that can mitigate the effects of these attacks is crucial for ensuring the safe use of artificial intelligence. Recent studies have suggested that score-based diffusion models are effective in adversarial defenses. However, existing diffusion-based defenses rely on the sequential simulation of the reversed stochastic differential equations of diffusion models, which are computationally inefficient and yield suboptimal results. In this paper, we introduce a novel adversarial defense scheme named ScoreOpt, which optimizes adversarial samples at test-time, towards original clean data in the direction guided by score-based priors. We conduct comprehensive experiments on multiple datasets, including CIFAR10, CIFAR100 and ImageNet. Our experimental results demonstrate that our approach outperforms existing adversarial defenses in terms of both robustness performance and inference speed.