Revisiting the Adversarial Robustness of Vision Language Models: a Multimodal Perspective

TL;DR

This paper introduces a multimodal contrastive adversarial training method to enhance the robustness of vision-language models like CLIP against image, text, and multimodal adversarial attacks, addressing a largely unexplored area.

Contribution

It proposes the first comprehensive multimodal adversarial training approach, improving robustness of both image and text encoders against various modality-specific attacks.

Findings

MMCoA improves robustness across all attack types

Extensive experiments on 15 datasets validate effectiveness

Unified framework for multimodal adversarial defense

Abstract

Pretrained vision-language models (VLMs) like CLIP exhibit exceptional generalization across diverse downstream tasks. While recent studies reveal their vulnerability to adversarial attacks, research to date has primarily focused on enhancing the robustness of image encoders against image-based attacks, with defenses against text-based and multimodal attacks remaining largely unexplored. To this end, this work presents the first comprehensive study on improving the adversarial robustness of VLMs against attacks targeting image, text, and multimodal inputs. This is achieved by proposing multimodal contrastive adversarial training (MMCoA). Such an approach strengthens the robustness of both image and text encoders by aligning the clean text embeddings with adversarial image embeddings, and adversarial text embeddings with clean image embeddings. The robustness of the proposed MMCoA is examined against existing defense methods over image, text, and multimodal attacks on the CLIP model. Extensive experiments on 15 datasets across two tasks reveal the characteristics of different adversarial defense methods under distinct distribution shifts and dataset complexities across the three attack types. This paves the way for a unified framework of adversarial robustness against different modality attacks, opening up new possibilities for securing VLMs against multimodal attacks. The code is available at https://github.com/ElleZWQ/MMCoA.git.