TY - JOUR
T1 - Iterative Window Mean Filter
T2 - Thwarting Diffusion-Based Adversarial Purification
AU - Wang, Hanrui
AU - Sun, Ruoxi
AU - Chen, Cunjian
AU - Xue, Minhui
AU - Soon, Lay Ki
AU - Wang, Shuo
AU - Jin, Zhe
N1 - Publisher Copyright:
© 2004-2012 IEEE.
PY - 2024/10/2
Y1 - 2024/10/2
N2 - Face authentication systems have brought significant convenience and advanced developments, yet they have become unreliable due to their sensitivity to inconspicuous perturbations, such as adversarial attacks. Existing defenses often exhibit weaknesses when facing various attack algorithms and adaptive attacks or compromise accuracy for enhanced security. To address these challenges, we have developed a novel and highly efficient non-deep-learning-based image filter called the Iterative Window Mean Filter (IWMF) and proposed a new framework for adversarial purification, named IWMF-Diff, which integrates IWMF and denoising diffusion models. These methods can function as pre-processing modules to eliminate adversarial perturbations without necessitating further modifications or retraining of the target system. We demonstrate that our proposed methodologies fulfill four critical requirements: preserved accuracy, improved security, generalizability to various threats in different settings, and better resistance to adaptive attacks. This performance surpasses that of the state-of-the-art adversarial purification method, DiffPure. Our code is released at https://github.com/azrealwang/iwmfdiff.
AB - Face authentication systems have brought significant convenience and advanced developments, yet they have become unreliable due to their sensitivity to inconspicuous perturbations, such as adversarial attacks. Existing defenses often exhibit weaknesses when facing various attack algorithms and adaptive attacks or compromise accuracy for enhanced security. To address these challenges, we have developed a novel and highly efficient non-deep-learning-based image filter called the Iterative Window Mean Filter (IWMF) and proposed a new framework for adversarial purification, named IWMF-Diff, which integrates IWMF and denoising diffusion models. These methods can function as pre-processing modules to eliminate adversarial perturbations without necessitating further modifications or retraining of the target system. We demonstrate that our proposed methodologies fulfill four critical requirements: preserved accuracy, improved security, generalizability to various threats in different settings, and better resistance to adaptive attacks. This performance surpasses that of the state-of-the-art adversarial purification method, DiffPure. Our code is released at https://github.com/azrealwang/iwmfdiff.
KW - Adversarial defense
KW - adversarial purification
KW - denoising diffusion model
KW - face recognition
UR - http://www.scopus.com/inward/record.url?scp=85205906540&partnerID=8YFLogxK
U2 - 10.1109/TDSC.2024.3472569
DO - 10.1109/TDSC.2024.3472569
M3 - Article
AN - SCOPUS:85205906540
SN - 1941-0018
JO - IEEE Transactions on Dependable and Secure Computing
JF - IEEE Transactions on Dependable and Secure Computing
ER -