LightPure: Realtime Adversarial Image Purification for Mobile Devices Using Diffusion Models

TL;DR

LightPure is a novel adversarial image purification method that significantly improves speed and accuracy for mobile devices using a diffusion and GAN framework, enabling robust real-time defense against attacks.

Contribution

It introduces a two-step diffusion and one-shot GAN framework that enhances adversarial purification efficiency and accuracy specifically for resource-constrained mobile systems.

Findings

Outperforms existing methods by up to 10x in latency

Achieves higher accuracy and robustness against attacks

Demonstrated on Jetson Nano with various datasets

Abstract

Autonomous mobile systems increasingly rely on deep neural networks for perception and decision-making. While effective, these systems are vulnerable to adversarial machine learning attacks where minor input perturbations can significantly impact outcomes. Common countermeasures involve adversarial training and/or data or network transformation. These methods, though effective, require full access to typically proprietary classifiers and are costly for large models. Recent solutions propose purification models, which add a "purification" layer before classification, eliminating the need to modify the classifier directly. Despite their effectiveness, these methods are compute-intensive, making them unsuitable for mobile systems where resources are limited and low latency is essential. This paper introduces LightPure, a new method that enhances adversarial image purification. It improves the accuracy of existing purification methods and provides notable enhancements in speed and computational efficiency, making it suitable for mobile devices with limited resources. Our approach uses a two-step diffusion and one-shot Generative Adversarial Network (GAN) framework, prioritizing latency without compromising robustness. We propose several new techniques to achieve a reasonable balance between classification accuracy and adversarial robustness while maintaining desired latency. We design and implement a proof-of-concept on a Jetson Nano board and evaluate our method using various attack scenarios and datasets. Our results show that LightPure can outperform existing methods by up to 10x in terms of latency while achieving higher accuracy and robustness for various attack scenarios. This method offers a scalable and effective solution for real-world mobile systems.