Can LLMs Deceive CLIP? Benchmarking Adversarial Compositionality of Pre-trained Multimodal Representation via Text Updates
Jaewoo Ahn, Heeseung Yun, Dayoon Ko, Gunhee Kim

TL;DR
This paper introduces MAC, a benchmark using LLMs to generate deceptive texts that reveal compositional vulnerabilities in multimodal models like CLIP, and proposes a self-training method to improve attack effectiveness and diversity.
Contribution
The paper presents MAC, a novel benchmark for testing multimodal models' vulnerabilities with adversarial texts, and a self-training approach that enhances attack success and diversity.
Findings
MAC effectively uncovers vulnerabilities in multimodal models.
Self-training improves attack success rate and sample diversity.
Smaller LLMs like Llama-3.1-8B outperform previous methods.
Abstract
While pre-trained multimodal representations (e.g., CLIP) have shown impressive capabilities, they exhibit significant compositional vulnerabilities leading to counterintuitive judgments. We introduce Multimodal Adversarial Compositionality (MAC), a benchmark that leverages large language models (LLMs) to generate deceptive text samples to exploit these vulnerabilities across different modalities and evaluates them through both sample-wise attack success rate and group-wise entropy-based diversity. To improve zero-shot methods, we propose a self-training approach that leverages rejection-sampling fine-tuning with diversity-promoting filtering, which enhances both attack success rate and sample diversity. Using smaller language models like Llama-3.1-8B, our approach demonstrates superior performance in revealing compositional vulnerabilities across various multimodal representations,…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Hate Speech and Cyberbullying Detection · Generative Adversarial Networks and Image Synthesis
