Few-Shot Adversarial Prompt Learning on Vision-Language Models

TL;DR

This paper introduces a few-shot adversarial prompt learning framework for vision-language models, significantly improving adversarial robustness with minimal data by end-to-end learning of adversarial text supervision.

Contribution

It proposes a novel few-shot adversarial prompt method that enhances robustness and cross-modal alignment using adversarially correlated text supervision and a new training objective.

Findings

Achieves state-of-the-art zero-shot adversarial robustness with only 1% training data.

Improves cross-modal adversarial alignment compared to previous methods.

Enhances feature consistency and differentiation between natural and adversarial examples.

Abstract

The vulnerability of deep neural networks to imperceptible adversarial perturbations has attracted widespread attention. Inspired by the success of vision-language foundation models, previous efforts achieved zero-shot adversarial robustness by aligning adversarial visual features with text supervision. However, in practice, they are still unsatisfactory due to several issues, including heavy adaptation cost, suboptimal text supervision, and uncontrolled natural generalization capacity. In this paper, to address these issues, we propose a few-shot adversarial prompt framework where adapting input sequences with limited data makes significant adversarial robustness improvement. Specifically, we achieve this by providing adversarially correlated text supervision that is end-to-end learned from adversarial examples. We also propose a novel training objective that enhances the consistency of multi-modal features while encourages differentiated uni-modal features between natural and adversarial examples. The proposed framework gives access to learn adversarial text supervision, which provides superior cross-modal adversarial alignment and matches state-of-the-art zero-shot adversarial robustness with only 1% training data. Code is available at: https://github.com/lionel-w2/FAP.