CoCA: Regaining Safety-awareness of Multimodal Large Language Models with Constitutional Calibration

arXiv - CS - Computation and Language Pub Date : 2024-09-17 DOI:arxiv-2409.11365

Jiahui Gao, Renjie Pi, Tianyang Han, Han Wu, Lanqing Hong, Lingpeng Kong, Xin Jiang, Zhenguo Li

{"title":"CoCA: Regaining Safety-awareness of Multimodal Large Language Models with Constitutional Calibration","authors":"Jiahui Gao, Renjie Pi, Tianyang Han, Han Wu, Lanqing Hong, Lingpeng Kong, Xin Jiang, Zhenguo Li","doi":"arxiv-2409.11365","DOIUrl":null,"url":null,"abstract":"The deployment of multimodal large language models (MLLMs) has demonstrated\nremarkable success in engaging in conversations involving visual inputs, thanks\nto the superior power of large language models (LLMs). Those MLLMs are\ntypically built based on the LLMs, with an image encoder to process images into\nthe token embedding space of the LLMs. However, the integration of visual\nmodality has introduced a unique vulnerability: the MLLM becomes susceptible to\nmalicious visual inputs and prone to generating sensitive or harmful responses,\neven though the LLM has been trained on textual dataset to align with human\nvalue. In this paper, we first raise the question: ``Do the MLLMs possess\nsafety-awareness against malicious image inputs?\". We find that after adding a\nprinciple that specifies the safety requirement into the input of the MLLM, the\nmodel's safety awareness becomes boosted. This phenomenon verifies the\nexistence of MLLM's safety-awareness against image inputs, it is only weakened\nby the modality gap. We then introduce a simple yet effective technique termed\nCoCA, which amplifies the safety-awareness of the MLLM by calibrating its\noutput distribution. Our proposed strategy helps the model reclaim its original\nsafety awareness without losing its original capabilities. We verify the\neffectiveness of our approach on both multimodal safety and understanding\nbenchmarks.","PeriodicalId":501030,"journal":{"name":"arXiv - CS - Computation and Language","volume":"18 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Computation and Language","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.11365","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

The deployment of multimodal large language models (MLLMs) has demonstrated remarkable success in engaging in conversations involving visual inputs, thanks to the superior power of large language models (LLMs). Those MLLMs are typically built based on the LLMs, with an image encoder to process images into the token embedding space of the LLMs. However, the integration of visual modality has introduced a unique vulnerability: the MLLM becomes susceptible to malicious visual inputs and prone to generating sensitive or harmful responses, even though the LLM has been trained on textual dataset to align with human value. In this paper, we first raise the question: ``Do the MLLMs possess safety-awareness against malicious image inputs?". We find that after adding a principle that specifies the safety requirement into the input of the MLLM, the model's safety awareness becomes boosted. This phenomenon verifies the existence of MLLM's safety-awareness against image inputs, it is only weakened by the modality gap. We then introduce a simple yet effective technique termed CoCA, which amplifies the safety-awareness of the MLLM by calibrating its output distribution. Our proposed strategy helps the model reclaim its original safety awareness without losing its original capabilities. We verify the effectiveness of our approach on both multimodal safety and understanding benchmarks.

查看原文本刊更多论文

CoCA：通过宪法校准恢复多模态大型语言模型的安全意识

多模态大型语言模型（MLLMs）的应用在涉及视觉输入的对话中取得了显著的成功，这要归功于大型语言模型（LLMs）的卓越功能。这些 MLLM 通常以 LLM 为基础构建，并使用图像编码器在 LLM 的标记嵌入空间中处理图像。然而，视觉模式的集成带来了一个独特的弱点：MLLM 容易受到恶意视觉输入的影响，并容易产生敏感或有害的反应，即使 LLM 已经在文本数据集上进行了训练，以符合人类的价值。在本文中，我们首先提出了一个问题："MLLM 对恶意图像输入具有安全意识吗？我们发现，在MLLM的输入中加入一个指定安全要求的原则后，模型的安全意识得到了提升。这一现象验证了 MLLM 对图像输入的安全意识的存在，只是由于模态差距而被削弱了。然后，我们引入了一种简单而有效的技术，即校准（CoCA）技术，它通过校准 MLLM 的输出分布来增强 MLLM 的安全意识。我们提出的策略有助于模型恢复其原有的安全意识，同时又不丧失其原有的能力。我们在多模态安全和理解基准测试中验证了这种方法的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

arXiv - CS - Computation and Language

自引率

0.00%

发文量