Enhancing Adversarial Robustness of Vision-Language Models through Low-Rank Adaptation

TL;DR

This paper introduces AdvLoRA, a low-rank adaptation method that enhances the adversarial robustness of vision-language models while reducing computational costs, addressing security vulnerabilities and resource inefficiencies.

Contribution

We propose a novel, parameter-efficient adversarial adaptation technique called AdvLoRA, leveraging low-rank properties, parameter clustering, and adaptive updates to improve robustness and efficiency of VLMs.

Findings

AdvLoRA significantly improves adversarial robustness of VLMs.

The method reduces computational costs compared to traditional techniques.

Extensive experiments validate the effectiveness of AdvLoRA.

Abstract

Vision-Language Models (VLMs) play a crucial role in the advancement of Artificial General Intelligence (AGI). As AGI rapidly evolves, addressing security concerns has emerged as one of the most significant challenges for VLMs. In this paper, we present extensive experiments that expose the vulnerabilities of conventional adaptation methods for VLMs, highlighting significant security risks. Moreover, as VLMs grow in size, the application of traditional adversarial adaptation techniques incurs substantial computational costs. To address these issues, we propose a parameter-efficient adversarial adaptation method called \textbf{\textit{AdvLoRA}} based on Low-Rank Adaptation. We investigate and reveal the inherent low-rank properties involved in adversarial adaptation for VLMs. Different from LoRA, we enhance the efficiency and robustness of adversarial adaptation by introducing a novel reparameterization method that leverages parameter clustering and alignment. Additionally, we propose an adaptive parameter update strategy to further bolster robustness. These innovations enable our AdvLoRA to mitigate issues related to model security and resource wastage. Extensive experiments confirm the effectiveness and efficiency of AdvLoRA.