Adversarial Masked Autoencoder Purifier with Defense Transferability
This paper addresses adversarial attacks on computer vision systems, offering a novel defense with transferability, though it is incremental in that it builds on existing MAE and purifier frameworks.
The paper tackles adversarial defense by proposing the Masked AutoEncoder Purifier (MAEP), a test-time purification method that integrates a Masked AutoEncoder to achieve state-of-the-art robustness with minimal accuracy drop, notably transferring effectively from CIFAR10 to ImageNet without extra data.
The study of adversarial defense still struggles to combat advanced adversarial attacks. In contrast to most prior studies that rely on the diffusion model for test-time defense, which remarkably increases the inference time, we propose the Masked AutoEncoder Purifier (MAEP), which integrates the Masked AutoEncoder (MAE) into an adversarial purifier framework for test-time purification. While MAEP achieves promising adversarial robustness, it particularly features model defense transferability and attack generalization without relying on additional data that is different from the training dataset. To our knowledge, MAEP is the first study of an adversarial purifier based on MAE. Extensive experimental results demonstrate that our method can not only maintain clean accuracy with only a slight drop but also exhibit a close gap between the clean and robust accuracy. Notably, MAEP trained on CIFAR10 achieves state-of-the-art performance even when tested directly on ImageNet, outperforming existing diffusion-based models trained specifically on ImageNet.