[Multimodal attacks] Data Poisoning Attacks Against Multimodal Encoders

Original title: Data Poisoning Attacks Against Multimodal Encoders
Original code: https://github.com/zqypku/mm_poison/
Year published: 2023
Venue: ICML


Abstract

Recently, the newly emerged multimodal models, which leverage both visual and linguistic modalities to train powerful encoders, have gained increasing attention. However, learning from a large-scale unlabeled dataset also exposes the model to the risk of potential poisoning attacks, whereby the adversary aims to perturb the model's training data to trigger malicious behaviors in it. In contrast to previous work, which only poisons the visual modality, in this work we take the first step to studying poisoning attacks against multimodal models in both the visual and linguistic modalities. Specifically, we focus on answering two questions: (1) Is the linguistic modality also vulnerable to poisoning attacks? and (2) Which modality is most vulnerable? To answer the two questions, we propose three types of poisoning attacks against multimodal models. Extensive evaluations on different datasets and model architectures show that all three attacks can achieve significant attack performance while maintaining model utility in both visual and linguistic modalities. Furthermore, we observe that the poisoning effect differs between modalities. To mitigate the attacks, we propose both pretraining and post-training defenses. We empirically show that both defenses can significantly reduce the attack performance while preserving the model's utility.


Background

Because multimodal models always need large amounts of data for training, that data may be noisy and is easy to poison. Existing work on poisoning attacks against multimodal models mainly focuses on poisoning the image encoder so that the poisoned encoder behaves as the attacker intends on downstream image classification tasks; that is, it targets the visual modality and ignores the linguistic modality. However, the vulnerability of the linguistic modality to poisoning attacks is also worth studying.

Contributions

This paper presents a comprehensive study of poisoning attacks against multimodal models. Because the goal is to study both the visual and linguistic modalities, the authors choose the text-to-image retrieval task in an image-search-engine scenario. Given a description (text) as input, the image search engine retrieves from its database the image whose embedding is closest to the embedding of the input description, which effectively bridges the visual and linguistic modalities.
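To make the retrieval task concrete, the following is an added Python example, not code from the paper or from the mm_poison repository. It implements the text-to-image retrieval described above over a toy gallery: the image and text vectors are constructed stand-ins for the outputs of a CLIP-style image encoder and text encoder, the query is matched to the gallery image with the highest cosine similarity, and a Hit@K utility metric is computed, which is the kind of measurement a defender uses to check that a retrieval model still behaves correctly on clean queries.

```python
import math
from typing import Dict, List, Tuple

# Constructed toy embeddings (hypothetical values, not from the paper).
# In a real system these come from the image encoder and text encoder of a
# jointly trained multimodal model; here 3-d vectors keep the example readable.
IMAGE_EMBEDDINGS: Dict[str, List[float]] = {
    "img_dog.jpg":  [0.9, 0.1, 0.0],
    "img_cat.jpg":  [0.1, 0.9, 0.0],
    "img_car.jpg":  [0.0, 0.1, 0.9],
    "img_bike.jpg": [0.3, 0.0, 0.7],
}

TEXT_EMBEDDINGS: Dict[str, List[float]] = {
    "a dog in the park": [0.8, 0.2, 0.1],
    "a red car":         [0.1, 0.0, 0.9],
}

# Constructed ground truth: which gallery image each caption describes.
GROUND_TRUTH: Dict[str, str] = {
    "a dog in the park": "img_dog.jpg",
    "a red car":         "img_car.jpg",
}


def cosine(a: List[float], b: List[float]) -> float:
    """Cosine similarity between two embedding vectors (0.0 if either is zero)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(x * x for x in b))
    if norm_a == 0.0 or norm_b == 0.0:
        return 0.0
    return dot / (norm_a * norm_b)


def retrieve(query_vec: List[float],
             gallery: Dict[str, List[float]],
             k: int = 1) -> List[Tuple[str, float]]:
    """Return the k gallery images whose embeddings are closest to the query.

    This is the search-engine step described in the paper's task setting:
    rank every image by similarity to the text embedding and keep the top k.
    """
    scored = [(name, cosine(query_vec, vec)) for name, vec in gallery.items()]
    scored.sort(key=lambda item: item[1], reverse=True)
    return scored[:k]


def hit_at_k(queries: Dict[str, List[float]],
             gallery: Dict[str, List[float]],
             ground_truth: Dict[str, str],
             k: int = 1) -> float:
    """Fraction of queries whose correct image appears in the top-k results.

    This is a clean-data utility metric: if a poisoned model's Hit@K drops
    noticeably, the poisoning has damaged ordinary retrieval quality.
    """
    if not queries:
        return 0.0
    hits = 0
    for caption, vec in queries.items():
        top_names = [name for name, _ in retrieve(vec, gallery, k)]
        if ground_truth.get(caption) in top_names:
            hits += 1
    return hits / len(queries)


if __name__ == "__main__":
    for caption, vec in TEXT_EMBEDDINGS.items():
        print(caption, "->", retrieve(vec, IMAGE_EMBEDDINGS, k=2))
    print("Hit@1 =", hit_at_k(TEXT_EMBEDDINGS, IMAGE_EMBEDDINGS, GROUND_TRUTH, k=1))
```

The same `hit_at_k` routine, run on a held-out set of clean caption/image pairs before and after any training-data change, gives the "model utility" number that the paper reports alongside attack performance; a defender who re-evaluates it after every pretraining run has a cheap early signal that something in the data pipeline has shifted the encoders.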
