FMM-Attack: A Flow-based Multi-modal Adversarial Attack on Video-based LLMs

TL;DR

This paper introduces FMM-Attack, a novel flow-based multi-modal adversarial attack targeting video-based large language models, demonstrating its effectiveness in causing incorrect or hallucinated outputs with imperceptible perturbations.

Contribution

It is the first attack specifically designed for video-based LLMs using flow-based multi-modal perturbations on selected frames, revealing vulnerabilities and prompting further research on robustness.

Findings

Effective in causing incorrect answers in video-based LLMs

Induces hallucinations and garbling in model outputs

Perturbations are imperceptible to humans

Abstract

Despite the remarkable performance of video-based large language models (LLMs), their adversarial threat remains unexplored. To fill this gap, we propose the first adversarial attack tailored for video-based LLMs by crafting flow-based multi-modal adversarial perturbations on a small fraction of frames within a video, dubbed FMM-Attack. Extensive experiments show that our attack can effectively induce video-based LLMs to generate incorrect answers when videos are added with imperceptible adversarial perturbations. Intriguingly, our FMM-Attack can also induce garbling in the model output, prompting video-based LLMs to hallucinate. Overall, our observations inspire a further understanding of multi-modal robustness and safety-related feature alignment across different modalities, which is of great importance for various large multi-modal models. Our code is available at https://github.com/THU-Kingmin/FMM-Attack.