English

Adversarial Attacks to Multi-Modal Models

Cryptography and Security 2024-09-25 v2 Information Retrieval Machine Learning

Abstract

Multi-modal models have gained significant attention due to their powerful capabilities. These models effectively align embeddings across diverse data modalities, showcasing superior performance in downstream tasks compared to their unimodal counterparts. Recent study showed that the attacker can manipulate an image or audio file by altering it in such a way that its embedding matches that of an attacker-chosen targeted input, thereby deceiving downstream models. However, this method often underperforms due to inherent disparities in data from different modalities. In this paper, we introduce CrossFire, an innovative approach to attack multi-modal models. CrossFire begins by transforming the targeted input chosen by the attacker into a format that matches the modality of the original image or audio file. We then formulate our attack as an optimization problem, aiming to minimize the angular deviation between the embeddings of the transformed input and the modified image or audio file. Solving this problem determines the perturbations to be added to the original media. Our extensive experiments on six real-world benchmark datasets reveal that CrossFire can significantly manipulate downstream tasks, surpassing existing attacks. Additionally, we evaluate six defensive strategies against CrossFire, finding that current defenses are insufficient to counteract our CrossFire.

Keywords

Cite

@article{arxiv.2409.06793,
  title  = {Adversarial Attacks to Multi-Modal Models},
  author = {Zhihao Dou and Xin Hu and Haibo Yang and Zhuqing Liu and Minghong Fang},
  journal= {arXiv preprint arXiv:2409.06793},
  year   = {2024}
}

Comments

To appear in the ACM Workshop on Large AI Systems and Models with Privacy and Safety Analysis 2024 (LAMPS '24)

R2 v1 2026-06-28T18:40:23.281Z