It has been recognized that the data generated by the denoising diffusion probabilistic model (DDPM) improves adversarial training. After two years of rapid development in diffusion models, a question naturally arises: can better diffusion models further improve adversarial training? This paper gives an affirmative answer by employing the most recent diffusion model which has higher efficiency ($\sim 20$ sampling steps) and image quality (lower FID score) compared with DDPM. Our adversarially trained models achieve state-of-the-art performance on RobustBench using only generated data (no external datasets). Under the $\ell_\infty$-norm threat model with $\epsilon=8/255$, our models achieve $70.69\%$ and $42.67\%$ robust accuracy on CIFAR-10 and CIFAR-100, respectively, i.e. improving upon previous state-of-the-art models by $+4.58\%$ and $+8.03\%$. Under the $\ell_2$-norm threat model with $\epsilon=128/255$, our models achieve $84.86\%$ on CIFAR-10 ($+4.44\%$). These results also beat previous works that use external data. Our code is available at https://github.com/wzekai99/DM-Improves-AT.