Train-time data poisoning attacks threaten machine learning models by introducing adversarial examples during training, leading to misclassification. Current defense methods often reduce generalization performance, are attack-specific, and impose significant training overhead. To address this, we introduce a set of universal data purification methods using a stochastic transform, $\Psi(x)$, realized via iterative Langevin dynamics of Energy-Based Models (EBMs), Denoising Diffusion Probabilistic Models (DDPMs), or both. These approaches purify poisoned data with minimal impact on classifier generalization. Our specially trained EBMs and DDPMs provide state-of-the-art defense against various attacks (including Narcissus, Bullseye Polytope, Gradient Matching) on CIFAR-10, Tiny-ImageNet, and CINIC-10, without needing attack or classifier-specific information. We discuss performance trade-offs and show that our methods remain highly effective even with poisoned or distributionally shifted generative model training data.

利用随机变换介绍的普遍数据净化方法，通过迭代 Langevin 动力学算法行为模型（EBMs）、去噪扩散概率模型（DDPMs）或两者的能量波动来净化被污染的数据，最小化对分类器泛化性能的影响，并在 CIFAR-10、Tiny-ImageNet 和 CINIC-10 上提供针对多种攻击（包括 Narcissus、Bullseye Polytope 和 Gradient Matching）的最新防御，而无需攻击或分类器特定信息。

PureGen: 通用数据净化方法——基于生成模型动态的训练时毒素防御