LoRID: Low-Rank Iterative Diffusion for Adversarial Purification
Abstract
This work presents an information-theoretic examination of diffusion-based purification methods, the state-of-the-art adversarial defenses that utilize diffusion models to remove malicious perturbations in adversarial examples. By theoretically characterizing the inherent purification errors associated with the Markov-based diffusion purifications, we introduce LoRID, a novel Low-Rank Iterative Diffusion purification method designed to remove adversarial perturbation with low intrinsic purification errors. LoRID centers around a multi-stage purification process that leverages multiple rounds of diffusion-denoising loops at the early time-steps of the diffusion models, and the integration of Tucker decomposition, an extension of matrix factorization, to remove adversarial noise at high-noise regimes. Consequently, LoRID increases the effective diffusion time-steps and overcomes strong adversarial attacks, achieving superior robustness performance in CIFAR-10/100, CelebA-HQ, and ImageNet datasets under both white-box and grey-box settings.
Cite
Text
Zollicoffer et al. "LoRID: Low-Rank Iterative Diffusion for Adversarial Purification." AAAI Conference on Artificial Intelligence, 2025. doi:10.1609/AAAI.V39I21.34472Markdown
[Zollicoffer et al. "LoRID: Low-Rank Iterative Diffusion for Adversarial Purification." AAAI Conference on Artificial Intelligence, 2025.](https://mlanthology.org/aaai/2025/zollicoffer2025aaai-lorid/) doi:10.1609/AAAI.V39I21.34472BibTeX
@inproceedings{zollicoffer2025aaai-lorid,
title = {{LoRID: Low-Rank Iterative Diffusion for Adversarial Purification}},
author = {Zollicoffer, Geigh and Vu, Minh N. and Nebgen, Ben and Castorena, Juan and Alexandrov, Boian S. and Bhattarai, Manish},
booktitle = {AAAI Conference on Artificial Intelligence},
year = {2025},
pages = {23081-23089},
doi = {10.1609/AAAI.V39I21.34472},
url = {https://mlanthology.org/aaai/2025/zollicoffer2025aaai-lorid/}
}