[2505.13280] FlowPure: Continuous Normalizing Flows for Adversarial Purification

Computer Science > Machine Learning arXiv:2505.13280 (cs) [Submitted on 19 May 2025 (v1), last revised 30 Mar 2026 (this version, v2)] Title:FlowPure: Continuous Normalizing Flows for Adversarial Purification Authors:Elias Collaert, Abel Rodríguez, Sander Joos, Lieven Desmet, Vera Rimmer View a PDF of the paper titled FlowPure: Continuous Normalizing Flows for Adversarial Purification, by Elias Collaert and 3 other authors View PDF HTML (experimental) Abstract:Despite significant advances in the area, adversarial robustness remains a critical challenge in systems employing machine learning models. The removal of adversarial perturbations at inference time, known as adversarial purification, has emerged as a promising defense strategy. To achieve this, state-of-the-art methods leverage diffusion models that inject Gaussian noise during a forward process to dilute adversarial perturbations, followed by a denoising step to restore clean samples before classification. In this work, we propose FlowPure, a novel purification method based on Continuous Normalizing Flows (CNFs) trained with Conditional Flow Matching (CFM) to learn mappings from adversarial examples to their clean counterparts. Unlike prior diffusion-based approaches that rely on fixed noise processes, FlowPure can leverage specific attack knowledge to improve robustness under known threats, while also supporting a more general stochastic variant trained on Gaussian perturbations for settings where such knowledge i...