Contrastive Spectral Rectification: Test-Time Defense towards Zero-shot Adversarial Robustness of CLIP

TL;DR

This paper introduces Contrastive Spectral Rectification (CSR), a test-time defense method that enhances zero-shot adversarial robustness of CLIP by realigning inputs with natural spectral features, outperforming existing defenses across multiple benchmarks.

Contribution

The paper proposes CSR, a novel spectral-guided contrastive approach for test-time adversarial defense that is efficient, broadly applicable, and improves robustness of vision-language models like CLIP.

Findings

CSR outperforms state-of-the-art methods by 18.1% on average against AutoAttack.

CSR demonstrates broad applicability across diverse visual tasks.

The method effectively mitigates feature inconsistency caused by adversarial examples.

Abstract

Vision-language models (VLMs) such as CLIP have demonstrated remarkable zero-shot generalization, yet remain highly vulnerable to adversarial examples (AEs). While test-time defenses are promising, existing methods fail to provide sufficient robustness against strong attacks and are often hampered by high inference latency and task-specific applicability. To address these limitations, we start by investigating the intrinsic properties of AEs, which reveals that AEs exhibit severe feature inconsistency under progressive frequency attenuation. We further attribute this to the model's inherent spectral bias. Leveraging this insight, we propose an efficient test-time defense named Contrastive Spectral Rectification (CSR). CSR optimizes a rectification perturbation to realign the input with the natural manifold under a spectral-guided contrastive objective, which is applied input-adaptively. Extensive experiments across 16 classification benchmarks demonstrate that CSR outperforms the SOTA by an average of 18.1% against strong AutoAttack with modest inference overhead. Furthermore, CSR exhibits broad applicability across diverse visual tasks. Code is available at https://github.com/Summu77/CSR.