Adversarial purification with one-step guided diffusion model.

Recently, the employment of diffusion models for adversarial purification has attracted the attention due to their strong generalization ability towards defensive adversarial examples. However, the multi-step sampling required for the diffusion model results in time and resource consumption. To address these issues, we propose a novel One-Step Guided Diffusion Model (OSGD) for efficient adversarial purification. OSGD combines a one-step denoising process with a guiding strategy to accelerate sampling speed and achieve superior purification results. Specifically, OSGD utilizes a diffusion model for two rounds of one-step denoising, with the preliminary image obtained in the first round serving as the guidance signal for the second round. In the second round, the adversarial images are purified under the guidance of preliminary images to eliminate adversarial perturbations. We analyze the rationality of using preliminary denoised images as guidance signals and verify the effectiveness of this guidance strategy through experiments. Extensive experiments on Cifar10 and ImageNet using three attack methods, including PGD, AutoAttack, and BPDA+EOT, demonstrate that our method achieves the state-of-the-art performance in terms of accuracy and efficiency. Source code for this work is available at https://github.com/zmlix/OSGD.git.