Topological Signatures of Adversaries in Multimodal Alignments

TL;DR

This paper explores how adversarial attacks disrupt the topological alignment between image and text embeddings in multimodal models, proposing novel topological losses and detection methods to improve robustness.

Contribution

It introduces new topological-contrastive losses and a detection algorithm leveraging persistent homology to identify adversarial attacks in multimodal systems.

Findings

Adversarial attacks cause monotonic changes in topological signatures.

Proposed methods improve detection of adversarial samples.

Topological analysis enhances robustness in multimodal alignment.

Abstract

Multimodal Machine Learning systems, particularly those aligning text and image data like CLIP/BLIP models, have become increasingly prevalent, yet remain susceptible to adversarial attacks. While substantial research has addressed adversarial robustness in unimodal contexts, defense strategies for multimodal systems are underexplored. This work investigates the topological signatures that arise between image and text embeddings and shows how adversarial attacks disrupt their alignment, introducing distinctive signatures. We specifically leverage persistent homology and introduce two novel Topological-Contrastive losses based on Total Persistence and Multi-scale kernel methods to analyze the topological signatures introduced by adversarial perturbations. We observe a pattern of monotonic changes in the proposed topological losses emerging in a wide range of attacks on image-text alignments, as more adversarial samples are introduced in the data. By designing an algorithm to back-propagate these signatures to input samples, we are able to integrate these signatures into Maximum Mean Discrepancy tests, creating a novel class of tests that leverage topological signatures for better adversarial detection.