Adversarial Attacks to Multi-Modal Models

arXiv - CS - Information Retrieval Pub Date : 2024-09-10 DOI:arxiv-2409.06793

Zhihao Dou, Xin Hu, Haibo Yang, Zhuqing Liu, Minghong Fang

{"title":"Adversarial Attacks to Multi-Modal Models","authors":"Zhihao Dou, Xin Hu, Haibo Yang, Zhuqing Liu, Minghong Fang","doi":"arxiv-2409.06793","DOIUrl":null,"url":null,"abstract":"Multi-modal models have gained significant attention due to their powerful\ncapabilities. These models effectively align embeddings across diverse data\nmodalities, showcasing superior performance in downstream tasks compared to\ntheir unimodal counterparts. Recent study showed that the attacker can\nmanipulate an image or audio file by altering it in such a way that its\nembedding matches that of an attacker-chosen targeted input, thereby deceiving\ndownstream models. However, this method often underperforms due to inherent\ndisparities in data from different modalities. In this paper, we introduce\nCrossFire, an innovative approach to attack multi-modal models. CrossFire\nbegins by transforming the targeted input chosen by the attacker into a format\nthat matches the modality of the original image or audio file. We then\nformulate our attack as an optimization problem, aiming to minimize the angular\ndeviation between the embeddings of the transformed input and the modified\nimage or audio file. Solving this problem determines the perturbations to be\nadded to the original media. Our extensive experiments on six real-world\nbenchmark datasets reveal that CrossFire can significantly manipulate\ndownstream tasks, surpassing existing attacks. Additionally, we evaluate six\ndefensive strategies against CrossFire, finding that current defenses are\ninsufficient to counteract our CrossFire.","PeriodicalId":501281,"journal":{"name":"arXiv - CS - Information Retrieval","volume":"44 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Information Retrieval","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.06793","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Multi-modal models have gained significant attention due to their powerful capabilities. These models effectively align embeddings across diverse data modalities, showcasing superior performance in downstream tasks compared to their unimodal counterparts. Recent study showed that the attacker can manipulate an image or audio file by altering it in such a way that its embedding matches that of an attacker-chosen targeted input, thereby deceiving downstream models. However, this method often underperforms due to inherent disparities in data from different modalities. In this paper, we introduce CrossFire, an innovative approach to attack multi-modal models. CrossFire begins by transforming the targeted input chosen by the attacker into a format that matches the modality of the original image or audio file. We then formulate our attack as an optimization problem, aiming to minimize the angular deviation between the embeddings of the transformed input and the modified image or audio file. Solving this problem determines the perturbations to be added to the original media. Our extensive experiments on six real-world benchmark datasets reveal that CrossFire can significantly manipulate downstream tasks, surpassing existing attacks. Additionally, we evaluate six defensive strategies against CrossFire, finding that current defenses are insufficient to counteract our CrossFire.

查看原文本刊更多论文

多模态模型的对抗性攻击

多模态模型因其强大的功能而备受关注。与单模态模型相比，这些模型能有效地调整不同数据模态的嵌入，在下游任务中表现出卓越的性能。最近的研究表明，攻击者可以通过改变图像或音频文件，使其嵌入与攻击者选择的目标输入相匹配，从而欺骗下游模型。然而，由于来自不同模态的数据存在固有差异，这种方法往往效果不佳。本文介绍了一种攻击多模态模型的创新方法--CrossFire。CrossFire 首先将攻击者选择的目标输入转换成与原始图像或音频文件的模态相匹配的格式。然后，我们将攻击表述为一个优化问题，旨在最小化转换后的输入与修改后的图像或音频文件的嵌入之间的角度偏差。解决这个问题就能确定要添加到原始媒体中的扰动。我们在六个真实世界基准数据集上进行了广泛的实验，结果表明 CrossFire 能够显著操纵下游任务，超越了现有的攻击。此外，我们还评估了针对 CrossFire 的六种防御策略，发现当前的防御措施不足以对抗我们的 CrossFire。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv - CS - Information Retrieval

自引率

0.00%

发文量