Adversarial attacks persist as a major challenge in deep learning. While training- and test-time defenses are well-studied, they often reduce clean accuracy, incur high cost, or fail under adaptive threats. In contrast, preemptive defenses, which perturb media before release, offer a practical alternative but remain slow, model-coupled, and brittle. We propose the Minimal Sufficient Preemptive Defense (MSPD), a fast, transferable framework that defends against future attacks without access to the target model or gradients. MSPD is driven by Minimal Cascade Gradient Smoothing (MCGS), a two-epoch optimization paradigm executed on a surrogate backbone. This defines a minimal yet effective regime for robust generalization across unseen models and attacks. MSPD runs at 0.02s/image (CIFAR-10) and 0.26s/image (ImageNet), 28 to 1696 times faster than prior preemptive methods, while improving robust accuracy by +5% and clean accuracy by +3.7% across 11 models and 7 attacks. To evaluate adaptive robustness, we introduce Preemptive Reversion, the first white-box diagnostic attack that cancels preemptive perturbations under full gradient access. Even in this setting, MSPD retains a +2.2% robustness margin over the baseline. In practice, when gradients are unavailable, MSPD remains reliable and efficient. MSPD, MCGS, and Preemptive Reversion are each supported by formal theoretical proofs. The implementation is available at https://github.com/azrealwang/MSPD.