Pre-Trained Multiple Latent Variable Generative Models Are Good Defenders Against Adversarial Attacks
Abstract
Attackers can deliberately perturb classifiers' input with subtle noise altering final predictions. Among proposed countermeasures adversarial purification employs generative networks to preprocess input images filtering out adversarial noise. In this study we propose specific generators defined Multiple Latent Variable Generative Models (MLVGMs) for adversarial purification. These models possess multiple latent variables that naturally disentangle coarse from fine features. Taking advantage of these properties we autoencode images to maintain class-relevant information while discarding and re-sampling any detail including adversarial noise. The procedure is completely training-free exploring the generalization abilities of pre-trained MLVGMs on the adversarial purification downstream task. Despite the lack of large models trained on billions of samples we show that smaller MLVGMs are already competitive with traditional methods and can be used as foundation models. Official code released at https://github.com/SerezD/gen_adversarial.
Cite
Text
Serez et al. "Pre-Trained Multiple Latent Variable Generative Models Are Good Defenders Against Adversarial Attacks." Winter Conference on Applications of Computer Vision, 2025.Markdown
[Serez et al. "Pre-Trained Multiple Latent Variable Generative Models Are Good Defenders Against Adversarial Attacks." Winter Conference on Applications of Computer Vision, 2025.](https://mlanthology.org/wacv/2025/serez2025wacv-pretrained/)BibTeX
@inproceedings{serez2025wacv-pretrained,
title = {{Pre-Trained Multiple Latent Variable Generative Models Are Good Defenders Against Adversarial Attacks}},
author = {Serez, Dario and Cristani, Marco and Del Bue, Alessio and Murino, Vittorio and Morerio, Pietro},
booktitle = {Winter Conference on Applications of Computer Vision},
year = {2025},
pages = {6506-6516},
url = {https://mlanthology.org/wacv/2025/serez2025wacv-pretrained/}
}