A diffusion-based adversarial purification method trained with adversarial noise.
ANDP (Adversarial Noise–Driven Diffusion Purification) is designed to:
- Remove adversarial perturbations from images using diffusion models trained with adversarial noise, which improves robustness against unseen attacks.
- Support multiple datasets and classifiers.
- Provide a modular experiment pipeline for ablation studies, hyperparameter sweeps, and cross-classifier evaluation.
- System requirements:

  | Component | Specification |
  |---|---|
  | OS | Linux (Ubuntu recommended) |
  | GPU | NVIDIA GeForce RTX 4090 |
  | NVIDIA Driver | 535.183.01 |
  | CUDA | 12.2 |
  | Python | 3.9 recommended (3.10 may work with caution) |

- Create environment:

  ```bash
  conda create -n andp-env python=3.9
  conda activate andp-env
  pip install -r requirements.txt
  ```
- Supported datasets:
- Training and evaluation scripts automatically detect datasets at the default locations.
- See `datasets/README.md` for dataset preparation instructions.
- Pre-trained classifiers are stored under `pretrained_models/`.
  - Checkpoints are automatically downloaded if missing (except WRN-70-16 on CIFAR-10; see `pretrained_models/README.md`).
- Configuration files are defined in YAML format and located under `configs/` (e.g., `cifar10.yaml`, `imagenet.yaml`).
- Each configuration file specifies global settings, dataset and model parameters, and experiment-specific options for training, evaluation, and adversarial purification.
- Experiment scripts

  | Script | Purpose |
  |---|---|
  | `scripts/run.sh` | Unified entry point for a single experiment (training & evaluation) |
  | `scripts/exp_baseline.sh` | Phase 0: baseline experiments |
  | `scripts/exp_mode_selection.sh` | Phase 1: mix-noise mode selection experiments |
  | `scripts/exp_lambda_sweep.sh` | Phase 2: lambda sweep experiments |
  | `scripts/exp_exposure_ablation.sh` | Phase 3: exposure ablation studies |
  | `scripts/exp_batch.sh` | Phase 4: multi-seed & cross-dataset & cross-classifier evaluation |

  Notes:

  - Each experiment script calls `run.sh` with the corresponding parameters.
  - Scripts are designed to allow batch runs for reproducibility.

- Single experiment example:

  ```bash
  bash scripts/run.sh \
    --train --test \
    --dataset cifar10 \
    --classifier wrn-28-10 \
    --seed 33 \
    --mix-mode convex_energy \
    --lambda-sched sinusoid \
    --exposure full
  ```

- Batch experiment example (multi-seed / multi-dataset / multi-classifier):

  ```bash
  bash scripts/exp_batch.sh
  ```
- Logs are saved under `logs/` with timestamped folders.
- Output results are saved under `results/<dataset>/<timestamp>_<classifier>_<seed>/`.

  Example structure:

  ```
  .
  ├── logs/
  │   ├── 20251217_060925_cifar10_wrn-28-10_33/
  │   └── ...
  └── results/
      ├── cifar10/
      │   ├── 20251217_060925_wrn-28-10_33/
      │   └── ...
      └── imagenet/
          ├── 20251218_080319_rn-50_33/
          └── ...
  ```

This project is licensed under the MIT License. See the LICENSE file for details.
Acknowledgements / References:
- DiffPure: for adversarial purification using diffusion models
- HuggingFace diffusers: for UNet and diffusion scheduler implementations
- RobustBench: for pre-trained robust classifiers
- AutoAttack: for standardized adversarial attack evaluation
Please note that while this code is MIT-licensed, some referenced projects may have their own licenses.