Iterative Window Mean Filter: Thwarting Diffusion-based Adversarial Purification

TL;DR

This paper introduces the Iterative Window Mean Filter (IWMF), a non-deep-learning image filter, and a purification framework IWMF-Diff that effectively defends face recognition systems against adversarial attacks without retraining.

Contribution

The paper presents a novel non-deep-learning filter and a purification framework that outperform existing methods in defending against diverse and adaptive adversarial attacks.

Findings

IWMF effectively removes adversarial perturbations.

IWMF-Diff surpasses DiffPure in security and generalizability.

Methods preserve face recognition accuracy under attack.

Abstract

Face authentication systems have brought significant convenience and advanced developments, yet they have become unreliable due to their sensitivity to inconspicuous perturbations, such as adversarial attacks. Existing defenses often exhibit weaknesses when facing various attack algorithms and adaptive attacks or compromise accuracy for enhanced security. To address these challenges, we have developed a novel and highly efficient non-deep-learning-based image filter called the Iterative Window Mean Filter (IWMF) and proposed a new framework for adversarial purification, named IWMF-Diff, which integrates IWMF and denoising diffusion models. These methods can function as pre-processing modules to eliminate adversarial perturbations without necessitating further modifications or retraining of the target system. We demonstrate that our proposed methodologies fulfill four critical requirements: preserved accuracy, improved security, generalizability to various threats in different settings, and better resistance to adaptive attacks. This performance surpasses that of the state-of-the-art adversarial purification method, DiffPure.