MANI-Pure: Magnitude-Adaptive Noise Injection for Adversarial Purification
Kejia ZhangAbstract
MANI-Pure, a magnitude-adaptive purification framework using diffusion models, effectively suppresses high-frequency adversarial perturbations while preserving low-frequency content, enhancing robust accuracy.
Adversarial purification with diffusion models has emerged as a promising defense strategy, but existing methods typically rely on uniform noise injection, which indiscriminately perturbs all frequencies, corrupting semantic structures and undermining robustness. Our empirical study reveals that adversarial perturbations are not uniformly distributed: they are predominantly concentrated in high-frequency regions, with heterogeneous magnitude intensity patterns that vary across frequencies and attack types. Motivated by this observation, we introduce MANI-Pure, a magnitude-adaptive purification framework that leverages the magnitude spectrum of inputs to guide the purification process. Instead of injecting homogeneous noise, MANI-Pure adaptively applies heterogeneous, frequency-targeted noise, effectively suppressing adversarial perturbations in fragile high-frequency, low-magnitude bands while preserving semantically critical low-frequency content. Extensive experiments on CIFAR-10 and ImageNet-1K validate the effectiveness of MANI-Pure. It narrows the clean accuracy gap to within 0.59 of the original classifier, while boosting robust accuracy by 2.15, and achieves the top-1 robust accuracy on the RobustBench leaderboard, surpassing the previous state-of-the-art method.
Community
A good purification method achieve the trade-off between clean and adversarial conditions, and it surpass the SOTA method in RobustBench.
This is an automated message from the Librarian Bot. I found the following papers similar to this paper.
The following papers were recommended by the Semantic Scholar API
- DRIFT: Divergent Response in Filtered Transformations for Robust Adversarial Defense (2025)
- Towards Robust Defense against Customization via Protective Perturbation Resistant to Diffusion-based Purification (2025)
- Keep It Real: Challenges in Attacking Compression-Based Adversarial Purification (2025)
- Latent Danger Zone: Distilling Unified Attention for Cross-Architecture Black-box Attacks (2025)
- DARD: Dice Adversarial Robustness Distillation against Adversarial Attacks (2025)
- DAASH: A Meta-Attack Framework for Synthesizing Effective and Stealthy Adversarial Examples (2025)
- PromptFlare: Prompt-Generalized Defense via Cross-Attention Decoy in Diffusion-Based Inpainting (2025)
Please give a thumbs up to this comment if you found it helpful!
If you want recommendations for any Paper on Hugging Face checkout this Space
You can directly ask Librarian Bot for paper recommendations by tagging it in a comment:
@librarian-bot
recommend
Models citing this paper 0
No model linking this paper
Datasets citing this paper 0
No dataset linking this paper
Spaces citing this paper 0
No Space linking this paper
Collections including this paper 0
No Collection including this paper