It has been recognized that the data generated by the denoising diffusion probabilistic model (DDPM) improves adversarial training. After two years of rapid development in diffusion models, a question naturally arises: can better diffusion models further improve adversarial training? This paper gives an affirmative answer by employing the most recent diffusion model which has higher efficiency ($\sim 20$ sampling steps) and image quality (lower FID score) compared with DDPM. Our adversarially trained models achieve state-of-the-art performance on RobustBench using only generated data (no external datasets). Under the $\ell_\infty$-norm threat model with $\epsilon=8/255$, our models achieve $70.69\%$ and $42.67\%$ robust accuracy on CIFAR-10 and CIFAR-100, respectively, i.e. improving upon previous state-of-the-art models by $+4.58\%$ and $+8.03\%$. Under the $\ell_2$-norm threat model with $\epsilon=128/255$, our models achieve $84.86\%$ on CIFAR-10 ($+4.44\%$). These results also beat previous works that use external data. We also provide compelling results on the SVHN and TinyImageNet datasets. Our code is available at https://github.com/wzekai99/DM-Improves-AT.