Defending against adversarial attacks via an Adaptive Guided Denoising Diffusion model

The emergence of a large number of adversarial samples has exposed the vulnerabilities of Deep Neural Networks (DNNs). With the rise of diffusion models, their powerful denoising capabilities have made them a popular strategy for adversarial defense. The defense capability of diffusion models is effective against simple adversarial attacks; however, their effectiveness diminishes when facing more sophisticated and complex attacks. To address this issue, this paper proposes a method called Adaptive Guided Denoising Diffusion (AGDD), which can effectively defend against adversarial attacks. Specifically, we first apply a small noise perturbation to the given adversarial samples, performing the forward diffusion process. Then, in the reverse denoising phase, the diffusion model is guided by the adaptive guided formula $g_{AG}$ to perform denoising. At the same time, the adaptive guided formula $g_{AG}$ is adjusted according to the adaptive matrix $G_t$ and the residual $r_t$. Additionally, we introduced a momentum factor $m$ to further optimize the denoising process, reduce the oscillations caused by gradient variations, and enhance the stability and convergence of the optimization process. Through AGDD, the denoised images accurately reconstruct the characteristics of the original observations (i.e., the unperturbed images) and exhibit strong robustness and adaptability across diverse noise conditions. Extensive experiments on the ImageNet dataset using Convolutional Neural Networks (CNN) and Vision Transformer (ViT) architectures demonstrate that the proposed method exhibits superior robustness against adversarial attacks, with classification accuracy reaching 87.4% for CNN and 85.9% for ViT, surpassing other state-of-the-art defense techniques.