Summary of Adversarial Robustification Via Text-to-image Diffusion Models, by Daewon Choi et al.
Adversarial Robustification via Text-to-Image Diffusion Models
by Daewon Choi, Jongheon Jeong, Huiwon Jang, Jinwoo Shin
First submitted to arxiv on: 26 Jul 2024
Categories
- Main: Computer Vision and Pattern Recognition (cs.CV)
- Secondary: Machine Learning (cs.LG)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary The proposed method develops a scalable and model-agnostic solution to achieve adversarial robustness without using any data, leveraging recent text-to-image diffusion models as “adaptable” denoisers. The approach initiates a denoise-and-classify pipeline that provides provable guarantees against adversarial attacks, and leverages synthetic reference images generated from the text-to-image model to enable novel adaptation schemes. Experiments demonstrate that this data-free scheme can improve the (provable) adversarial robustness of pre-trained models like CLIP while maintaining their accuracy, surpassing prior approaches that utilize full training data. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary Imagine you have a super smart computer program that’s really good at recognizing pictures, but what if someone tries to trick it by adding fake stuff to the picture? This is called an “adversarial attack”. The problem is that most programs aren’t designed to handle these attacks. Scientists found a way to make these programs more secure without needing all the data they were trained on. They used special models that can take text and turn it into pictures, kind of like a superpower. This new method helps keep the program safe from bad guys trying to trick it, while still being really good at recognizing things. |
Keywords
* Artificial intelligence * Diffusion
