Robust image classification with multi-modal large language models

TL;DR

This paper introduces MultiShield, a multi-modal large language model-based defense that detects and rejects adversarial examples by analyzing visual and textual input alignment, significantly improving robustness in image classification.

Contribution

The paper proposes MultiShield, a novel multi-modal defense leveraging large language models to enhance adversarial robustness by detecting misalignments between visual and textual data.

Findings

MultiShield effectively detects adversarial examples across datasets.

It outperforms existing defenses in accuracy and robustness.

The approach is easily integrable with existing models.

Abstract

Deep Neural Networks are vulnerable to adversarial examples, i.e., carefully crafted input samples that can cause models to make incorrect predictions with high confidence. To mitigate these vulnerabilities, adversarial training and detection-based defenses have been proposed to strengthen models in advance. However, most of these approaches focus on a single data modality, overlooking the relationships between visual patterns and textual descriptions of the input. In this paper, we propose a novel defense, MultiShield, designed to combine and complement these defenses with multi-modal information to further enhance their robustness. MultiShield leverages multi-modal large language models to detect adversarial examples and abstain from uncertain classifications when there is no alignment between textual and visual representations of the input. Extensive evaluations on CIFAR-10 and ImageNet datasets, using robust and non-robust image classification models, demonstrate that MultiShield can be easily integrated to detect and reject adversarial examples, outperforming the original defenses.