Adversarial Robustness for Visual Grounding of Multimodal Large Language Models

TL;DR

This paper investigates the adversarial robustness of multimodal large language models in visual grounding, proposing new attack methods and establishing baselines to improve understanding and defense against such attacks.

Contribution

The paper introduces three novel adversarial attack paradigms for visual grounding in MLLMs and provides extensive experiments demonstrating their effectiveness.

Findings

Proposed attack methods successfully fool MLLMs in visual grounding tasks.

The attacks reveal vulnerabilities in current MLLMs' visual grounding capabilities.

Baseline benchmarks for adversarial robustness in visual grounding are established.

Abstract

Multi-modal Large Language Models (MLLMs) have recently achieved enhanced performance across various vision-language tasks including visual grounding capabilities. However, the adversarial robustness of visual grounding remains unexplored in MLLMs. To fill this gap, we use referring expression comprehension (REC) as an example task in visual grounding and propose three adversarial attack paradigms as follows. Firstly, untargeted adversarial attacks induce MLLMs to generate incorrect bounding boxes for each object. Besides, exclusive targeted adversarial attacks cause all generated outputs to the same target bounding box. In addition, permuted targeted adversarial attacks aim to permute all bounding boxes among different objects within a single image. Extensive experiments demonstrate that the proposed methods can successfully attack visual grounding capabilities of MLLMs. Our methods not only provide a new perspective for designing novel attacks but also serve as a strong baseline for improving the adversarial robustness for visual grounding of MLLMs.