Partially Recentralization Softmax Loss for Vision-Language Models
Robustness
- URL: http://arxiv.org/abs/2402.03627v1
- Date: Tue, 6 Feb 2024 01:44:38 GMT
- Title: Partially Recentralization Softmax Loss for Vision-Language Models
Robustness
- Authors: Hao Wang, Xin Zhang, Jinzhe Jiang, Yaqian Zhao and Chen Li
- Abstract summary: We study the adversarial robustness provided by modifying loss function of pre-trained multimodal models.
Our experiments show that after a fine-tuning, adversarial robustness of pre-trained models can be significantly improved, against popular attacks.
- Score: 12.079952813850428
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: As Large Language Models make a breakthrough in natural language processing
tasks (NLP), multimodal technique becomes extremely popular. However, it has
been shown that multimodal NLP are vulnerable to adversarial attacks, where the
outputs of a model can be dramatically changed by a perturbation to the input.
While several defense techniques have been proposed both in computer vision and
NLP models, the multimodal robustness of models have not been fully explored.
In this paper, we study the adversarial robustness provided by modifying loss
function of pre-trained multimodal models, by restricting top K softmax
outputs. Based on the evaluation and scoring, our experiments show that after a
fine-tuning, adversarial robustness of pre-trained models can be significantly
improved, against popular attacks. Further research should be studying, such as
output diversity, generalization and the robustness-performance trade-off of
this kind of loss functions. Our code will be available after this paper is
accepted
Related papers
- A Unified Understanding of Adversarial Vulnerability Regarding Unimodal Models and Vision-Language Pre-training Models [7.350203999073509]
Feature Guidance Attack (FGA) is a novel method that uses text representations to direct the perturbation of clean images.
Our method demonstrates stable and effective attack capabilities across various datasets, downstream tasks, and both black-box and white-box settings.
arXiv Detail & Related papers (2024-07-25T06:10:33Z) - One Perturbation is Enough: On Generating Universal Adversarial Perturbations against Vision-Language Pre-training Models [47.14654793461]
Vision-Language Pre-training models trained on large-scale image-text pairs are vulnerable to adversarial samples crafted by a malicious adversary.
We propose a Contrastive-training Perturbation Generator with Cross-modal conditions (C-PGC) to exploit this vulnerability.
arXiv Detail & Related papers (2024-06-08T15:01:54Z) - Advancing the Robustness of Large Language Models through Self-Denoised Smoothing [50.54276872204319]
Large language models (LLMs) have achieved significant success, but their vulnerability to adversarial perturbations has raised considerable concerns.
We propose to leverage the multitasking nature of LLMs to first denoise the noisy inputs and then to make predictions based on these denoised versions.
Unlike previous denoised smoothing techniques in computer vision, which require training a separate model to enhance the robustness of LLMs, our method offers significantly better efficiency and flexibility.
arXiv Detail & Related papers (2024-04-18T15:47:00Z) - MMCert: Provable Defense against Adversarial Attacks to Multi-modal Models [34.802736332993994]
We propose MMCert, the first certified defense against adversarial attacks to a multi-modal model.
We evaluate our MMCert using two benchmark datasets: one for the multi-modal road segmentation task and the other for the multi-modal emotion recognition task.
arXiv Detail & Related papers (2024-03-28T01:05:06Z) - eP-ALM: Efficient Perceptual Augmentation of Language Models [70.47962271121389]
We propose to direct effort to efficient adaptations of existing models, and propose to augment Language Models with perception.
Existing approaches for adapting pretrained models for vision-language tasks still rely on several key components that hinder their efficiency.
We show that by freezing more than 99% of total parameters, training only one linear projection layer, and prepending only one trainable token, our approach (dubbed eP-ALM) significantly outperforms other baselines on VQA and Captioning.
arXiv Detail & Related papers (2023-03-20T19:20:34Z) - Tailoring Language Generation Models under Total Variation Distance [55.89964205594829]
The standard paradigm of neural language generation adopts maximum likelihood estimation (MLE) as the optimizing method.
We develop practical bounds to apply it to language generation.
We introduce the TaiLr objective that balances the tradeoff of estimating TVD.
arXiv Detail & Related papers (2023-02-26T16:32:52Z) - Confident Adaptive Language Modeling [95.45272377648773]
CALM is a framework for dynamically allocating different amounts of compute per input and generation timestep.
We demonstrate the efficacy of our framework in reducing compute -- potential speedup of up to $times 3$ -- while provably maintaining high performance.
arXiv Detail & Related papers (2022-07-14T17:00:19Z) - How Should Pre-Trained Language Models Be Fine-Tuned Towards Adversarial
Robustness? [121.57551065856164]
We propose Robust Informative Fine-Tuning (RIFT) as a novel adversarial fine-tuning method from an information-theoretical perspective.
RIFT encourages an objective model to retain the features learned from the pre-trained model throughout the entire fine-tuning process.
Experimental results show that RIFT consistently outperforms the state-of-the-arts on two popular NLP tasks.
arXiv Detail & Related papers (2021-12-22T05:04:41Z) - Provably robust deep generative models [1.52292571922932]
We propose a method for training provably robust generative models, specifically a provably robust version of the variational auto-encoder (VAE)
We show that it is able to produce generative models that are substantially more robust to adversarial attacks.
arXiv Detail & Related papers (2020-04-22T14:47:41Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.