Proceedings of International Conference on Applied Innovation in IT  ·  2026/03/31  ·  Vol. 14  ·  Issue 1  ·  pp. 1149–1160
A Diffusion–Osmosis Mathematical Model for Adversarial Attack Propagation and Defense in Cyber Security
Basim Najim AL-Din Abed, Sundus Hatem Majeed and J. Karimpour
📄 Download PDF DOI: 10.25673/123709
Abstract
There is an increasing concern about adversarial attacks on contemporary AI systems such as deep neural networks. Adversaries generate adversarial perturbations that can significantly reduce the prediction accuracy of deep learning models. This paper introduces a diffusion–osmosis PDE model to capture the dynamics of the generation and elimination of adversarial perturbations. Specifically, we formulate the diffusion term to model the spreading of the adversarial energy, and osmosis term to purify the perturbation energy selectively. Different from existing empirical approaches, the introduced mathematical model enjoys theoretical stability guarantees obtained based on energy analysis. Theorems prove that when parameters meet specific constraints, the coupled PDE system ensures the decay of the adversarial perturbations asymptotically. Experimental results on synthetic data and image data verify the effectiveness of the proposed model in decreasing the perturbation energy and recovering the classification ability of CNNs. In addition, we incorporate the proposed model into a CNN defense architecture for pre-processing adversarial samples and evaluate its performance on the popular benchmark dataset, CIFAR-10, under the FGSM and PGD attacks.
Keywords
Adversarial Attack Cyber-Attacks Diffusion Osmosis.
References
  1. P. W. Singer and A. Friedman, Cybersecurity and Cyberwar: What Everyone Needs to Know, Oxford, U.K.: Oxford University Press, 2014.
  2. T. Zegers et al., “AI-driven threats in cyberspace: Emerging challenges and mitigation strategies,” Computers & Security, vol. 118, art. 102732, 2022.
  3. I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and harnessing adversarial examples,” in Proc. Int. Conf. on Learning Representations (ICLR), 2015.
  4. T. Nguyen et al., “Deepfake detection: A survey on challenges and recent advances,” ACM Computing Surveys, vol. 55, no. 7, pp. 1-37, 2023.
  5. C. Szegedy et al., “Intriguing properties of neural networks,” in Proc. Int. Conf. on Learning Representations (ICLR), 2014.
  6. A. Madry et al., “Towards deep learning models resistant to adversarial attacks,” in Proc. Int. Conf. on Learning Representations (ICLR), 2018.
  7. R. Vinayakumar et al., “Deep learning for cybersecurity: A comprehensive review,” IEEE Communications Surveys & Tutorials, vol. 21, no. 4, pp. 3460-3518, 2019.
  8. R. Sommer and V. Paxson, “Outside the closed world: On using machine learning for network intrusion detection,” in Proc. IEEE Symposium on Security and Privacy (SP), pp. 305-316, 2010.
  9. N. Papernot, P. McDaniel, and I. Goodfellow, “Transferability in machine learning: From phenomena to black-box attacks using adversarial samples,” arXiv preprint arXiv:1605.07277, 2016.
  10. F. Tramer et al., “Ensemble adversarial training: Attacks and defenses,” in Proc. Int. Conf. on Learning Representations (ICLR), 2018.
  11. W. Xu, D. Evans, and Y. Qi, “Feature squeezing: Detecting adversarial examples in deep neural networks,” in Proc. Network and Distributed System Security Symposium (NDSS), 2018.
  12. P. Perona and J. Malik, “Scale-space and edge detection using anisotropic diffusion,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 12, no. 7, pp. 629-639, 1990.
  13. L. C. Evans, Partial Differential Equations, Providence, RI: American Mathematical Society, 2010.
  14. J. Weickert, Anisotropic Diffusion in Image Processing, Stuttgart, Germany: Teubner, 1998.
  15. J. Karimpour et al., “Biologically inspired mathematical models for adversarial defense,” Journal of Applied Cybersecurity Mathematics, vol. 5, no. 2, pp. 44-61, 2023.
  16. J. Crank, The Mathematics of Diffusion, Oxford, U.K.: Oxford University Press, 1975.
  17. E. F. Keller and L. A. Segel, “Initiation of slime mold aggregation viewed as an instability,” Journal of Theoretical Biology, vol. 26, no. 3, pp. 399-415, 1970.
  18. T. Alpcan and T. Başar, Network Security: A Decision and Game-Theoretic Approach, Cambridge, U.K.: Cambridge University Press, 2010.
  19. S. Zhai et al., “Cyber-physical system security: A survey,” IEEE Internet of Things Journal, vol. 8, no. 11, pp. 8759-8781, 2021.
  20. B. N. Abed, J. Karimpour, and F. Mahan, “A diffusion-osmosis model for adversarial purification in deepfake defense,” Cybersecurity and Intelligent Systems Journal, vol. 3, no. 4, pp. 120-135, 2024.
  21. S. H. Majeed, “A cyber security model using Gaussian noise for text encryption and decryption algorithm,” JOIV: International Journal on Informatics Visualization, vol. 9, no. 5, pp. 1871-1880, 2025.

Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0  ·  This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License

ICAIIT 2026
International Conference on Applied Innovation in IT
Navigation
Publisher
ISSN2199-8876
Publisher Edition Hochschule Anhalt
Location Anhalt University of Applied Sciences
Email leiterin.hsb@hs-anhalt.de
Phone +49 (0) 3496 67 5611
Address Building 01, Room 425
Bernburger Str. 55
D-06366 Köthen, Germany
Open Access License
CC BY-SA 4.0

All works are licensed under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA 4.0), unless otherwise noted.

Published by ICAIIT in cooperation with Anhalt University of Applied Sciences.

© 2026 ICAIIT — International Conference on Applied Innovations in IT. Anhalt University of Applied Sciences, Köthen, Germany.
Visitors: site traffic counter