Stable Diffusion (SD) often produces degraded outputs when the training dataset contains adversarial noise. Adversarial purification offers a promising solution by removing adversarial noise from contaminated data. However, existing purification methods are primarily designed for classification tasks and fail to address SD-specific adversarial strategies, such as attacks targeting the VAE encoder, UNet denoiser, or both. To address the gap in SD security, we propose Universal Diffusion Adversarial Purification (UDAP), a novel framework tailored for defending adversarial attacks targeting SD models. UDAP leverages the distinct reconstruction behaviors of clean and adversarial images during Denoising Diffusion Implicit Models (DDIM) inversion to optimize the purification process. By minimizing the DDIM metric loss, UDAP can effectively remove adversarial noise. Additionally, we introduce a dynamic epoch adjustment strategy that adapts optimization iterations based on reconstruction errors, significantly improving efficiency without sacrificing purification quality. Experiments demonstrate UDAP's robustness against diverse adversarial methods, including PID (VAE-targeted), Anti-DreamBooth (UNet-targeted), MIST (hybrid), and robustness-enhanced variants like Anti-Diffusion (Anti-DF) and MetaCloak. UDAP also generalizes well across SD versions and text prompts, showcasing its practical applicability in real-world scenarios.

翻译：当训练数据集中包含对抗性噪声时，稳定扩散（SD）模型常产生质量退化的输出。对抗净化通过从受污染数据中移除对抗性噪声，为此问题提供了有前景的解决方案。然而，现有净化方法主要针对分类任务设计，未能应对SD特有的对抗策略，例如针对VAE编码器、UNet去噪器或两者同时的攻击。为填补SD安全领域的空白，我们提出通用扩散对抗净化（UDAP）——一个专为防御针对SD模型的对抗攻击而设计的新型框架。UDAP利用干净图像与对抗图像在去噪扩散隐式模型（DDIM）反转过程中表现出的重构行为差异，以此优化净化流程。通过最小化DDIM度量损失，UDAP能有效消除对抗性噪声。此外，我们引入了动态轮次调整策略，该策略根据重构误差自适应优化迭代次数，在保持净化质量的同时显著提升效率。实验表明，UDAP对多种对抗方法均表现出鲁棒性，包括PID（VAE定向攻击）、Anti-DreamBooth（UNet定向攻击）、MIST（混合攻击）及其鲁棒性增强变体如Anti-Diffusion（Anti-DF）和MetaCloak。UDAP在不同SD版本和文本提示条件下均具有良好的泛化能力，展现了其在真实场景中的实际应用价值。