Phase and Amplitude-aware Prompting for Enhancing Adversarial Robustness

Yibo Xu, Dawei Zhou, Decheng Liu, Nannan Wang
Proceedings of the 42nd International Conference on Machine Learning, PMLR 267:69921-69935, 2025.

Abstract

Deep neural networks are found to be vulnerable to adversarial perturbations. The prompt-based defense has been increasingly studied due to its high efficiency. However, existing prompt-based defenses mainly exploited mixed prompt patterns, where critical patterns closely related to object semantics lack sufficient focus. The phase and amplitude spectra have been proven to be highly related to specific semantic patterns and crucial for robustness. To this end, in this paper, we propose a Phase and Amplitude-aware Prompting (PAP) defense. Specifically, we construct phase-level and amplitude-level prompts for each class, and adjust weights for prompting according to the model’s robust performance under these prompts during training. During testing, we select prompts for each image using its predicted label to obtain the prompted image, which is inputted to the model to get the final prediction. Experimental results demonstrate the effectiveness of our method.

Cite this Paper


BibTeX
@InProceedings{pmlr-v267-xu25al,
  title = {Phase and Amplitude-aware Prompting for Enhancing Adversarial Robustness},
  author = {Xu, Yibo and Zhou, Dawei and Liu, Decheng and Wang, Nannan},
  booktitle = {Proceedings of the 42nd International Conference on Machine Learning},
  pages = {69921--69935},
  year = {2025},
  editor = {Singh, Aarti and Fazel, Maryam and Hsu, Daniel and Lacoste-Julien, Simon and Berkenkamp, Felix and Maharaj, Tegan and Wagstaff, Kiri and Zhu, Jerry},
  volume = {267},
  series = {Proceedings of Machine Learning Research},
  month = {13--19 Jul},
  publisher = {PMLR},
  pdf = {https://raw.githubusercontent.com/mlresearch/v267/main/assets/xu25al/xu25al.pdf},
  url = {https://proceedings.mlr.press/v267/xu25al.html},
  abstract = {Deep neural networks are found to be vulnerable to adversarial perturbations. The prompt-based defense has been increasingly studied due to its high efficiency. However, existing prompt-based defenses mainly exploited mixed prompt patterns, where critical patterns closely related to object semantics lack sufficient focus. The phase and amplitude spectra have been proven to be highly related to specific semantic patterns and crucial for robustness. To this end, in this paper, we propose a Phase and Amplitude-aware Prompting (PAP) defense. Specifically, we construct phase-level and amplitude-level prompts for each class, and adjust weights for prompting according to the model’s robust performance under these prompts during training. During testing, we select prompts for each image using its predicted label to obtain the prompted image, which is inputted to the model to get the final prediction. Experimental results demonstrate the effectiveness of our method.}
}
Endnote
%0 Conference Paper
%T Phase and Amplitude-aware Prompting for Enhancing Adversarial Robustness
%A Yibo Xu
%A Dawei Zhou
%A Decheng Liu
%A Nannan Wang
%B Proceedings of the 42nd International Conference on Machine Learning
%C Proceedings of Machine Learning Research
%D 2025
%E Aarti Singh
%E Maryam Fazel
%E Daniel Hsu
%E Simon Lacoste-Julien
%E Felix Berkenkamp
%E Tegan Maharaj
%E Kiri Wagstaff
%E Jerry Zhu
%F pmlr-v267-xu25al
%I PMLR
%P 69921--69935
%U https://proceedings.mlr.press/v267/xu25al.html
%V 267
%X Deep neural networks are found to be vulnerable to adversarial perturbations. The prompt-based defense has been increasingly studied due to its high efficiency. However, existing prompt-based defenses mainly exploited mixed prompt patterns, where critical patterns closely related to object semantics lack sufficient focus. The phase and amplitude spectra have been proven to be highly related to specific semantic patterns and crucial for robustness. To this end, in this paper, we propose a Phase and Amplitude-aware Prompting (PAP) defense. Specifically, we construct phase-level and amplitude-level prompts for each class, and adjust weights for prompting according to the model’s robust performance under these prompts during training. During testing, we select prompts for each image using its predicted label to obtain the prompted image, which is inputted to the model to get the final prediction. Experimental results demonstrate the effectiveness of our method.
APA
Xu, Y., Zhou, D., Liu, D. & Wang, N. (2025). Phase and Amplitude-aware Prompting for Enhancing Adversarial Robustness. Proceedings of the 42nd International Conference on Machine Learning, in Proceedings of Machine Learning Research 267:69921-69935. Available from https://proceedings.mlr.press/v267/xu25al.html.
