Expanding the Role of Diffusion Models for Robust Classifier Training

Incorporating diffusion-generated synthetic data into adversarial training (AT) has been shown to substantially improve the training of robust image classifiers. In this work, we extend the role of diffusion models beyond merely generating synthetic data, examining whether their internal representations, which encode meaningful features of the data, can provide additional benefits for robust classifier training. Through systematic experiments, we show that diffusion models offer representations that are both diverse and partially robust, and that explicitly incorporating diffusion representations as an auxiliary learning signal during AT consistently improves robustness across settings. Furthermore, our representation analysis indicates that incorporating diffusion models into AT encourages more disentangled features, while diffusion representations and diffusion-generated synthetic data play complementary roles in shaping representations. Experiments on CIFAR-10, CIFAR-100, and ImageNet validate these findings, demonstrating the effectiveness of jointly leveraging diffusion representations and synthetic data within AT.

Key Contributions

• Demonstrates that diffusion model internal representations are both diverse and partially robust, making them valuable beyond synthetic data generation
• Proposes Diffusion Representation Alignment (DRA), which uses an auxiliary projection head to align classifier representations with diffusion model features during adversarial training
• Shows that diffusion representations and diffusion-generated synthetic data play complementary roles, and their joint use encourages more disentangled classifier features

🛡️ Threat Analysis

Details

Similar Papers