FlowPure: Continuous Normalizing Flows for Adversarial Purification

ArXi:2505.13280v2 Announce Type: replace-cross Despite significant advances in the area, adversarial robustness remains a critical challenge in systems employing machine learning models. The removal of adversarial perturbations at inference time, known as adversarial purification, has emerged as a promising defense strategy. To achieve this, state-of-the-art methods leverage diffusion models that inject Gaussian noise during a forward process to dilute adversarial perturbations, followed by a denoising step to re clean samples before classification.