Imitation Game for Adversarial Disillusion with Chain-of-Thought Reasoning in Generative AI

TL;DR

This paper introduces a novel disillusion framework using an imitation game with chain-of-thought reasoning to defend multimodal generative AI against various adversarial illusions, effectively neutralizing attacks.

Contribution

It proposes a unified defense paradigm based on an imitation game that leverages chain-of-thought reasoning to counter diverse adversarial illusions in AI models.

Findings

The framework neutralizes both deductive and inductive adversarial illusions.

It is effective across white-box and black-box attack scenarios.

Experimental results confirm robustness of the proposed method.

Abstract

As the cornerstone of artificial intelligence, machine perception confronts a fundamental threat posed by adversarial illusions. These adversarial attacks manifest in two primary forms: deductive illusion, where specific stimuli are crafted based on the victim model's general decision logic, and inductive illusion, where the victim model's general decision logic is shaped by specific stimuli. The former exploits the model's decision boundaries to create a stimulus that, when applied, interferes with its decision-making process. The latter reinforces a conditioned reflex in the model, embedding a backdoor during its learning phase that, when triggered by a stimulus, causes aberrant behaviours. The multifaceted nature of adversarial illusions calls for a unified defence framework, addressing vulnerabilities across various forms of attack. In this study, we propose a disillusion paradigm based on the concept of an imitation game. At the heart of the imitation game lies a multimodal generative agent, steered by chain-of-thought reasoning, which observes, internalises and reconstructs the semantic essence of a sample, liberated from the classic pursuit of reversing the sample to its original state. As a proof of concept, we conduct experimental simulations using a multimodal generative dialogue agent and evaluates the methodology under a variety of attack scenarios. Experimental results demonstrate that the proposed framework consistently neutralises both deductive and inductive adversarial illusions across diverse white-box and black-box attack scenarios.