Enregistré dans:
Détails bibliographiques
Auteurs principaux: Du, Xuefeng, Ghosh, Reshmi, Sim, Robert, Salem, Ahmed, Carvalho, Vitor, Lawton, Emily, Li, Yixuan, Stokes, Jack W.
Format: Preprint
Publié: 2024
Sujets:
Accès en ligne:https://arxiv.org/abs/2410.00296
Tags: Ajouter un tag
Pas de tags, Soyez le premier à ajouter un tag!
_version_ 1866910626770583552
author Du, Xuefeng
Ghosh, Reshmi
Sim, Robert
Salem, Ahmed
Carvalho, Vitor
Lawton, Emily
Li, Yixuan
Stokes, Jack W.
author_facet Du, Xuefeng
Ghosh, Reshmi
Sim, Robert
Salem, Ahmed
Carvalho, Vitor
Lawton, Emily
Li, Yixuan
Stokes, Jack W.
contents Vision-language models (VLMs) are essential for contextual understanding of both visual and textual information. However, their vulnerability to adversarially manipulated inputs presents significant risks, leading to compromised outputs and raising concerns about the reliability in VLM-integrated applications. Detecting these malicious prompts is thus crucial for maintaining trust in VLM generations. A major challenge in developing a safeguarding prompt classifier is the lack of a large amount of labeled benign and malicious data. To address the issue, we introduce VLMGuard, a novel learning framework that leverages the unlabeled user prompts in the wild for malicious prompt detection. These unlabeled prompts, which naturally arise when VLMs are deployed in the open world, consist of both benign and malicious information. To harness the unlabeled data, we present an automated maliciousness estimation score for distinguishing between benign and malicious samples within this unlabeled mixture, thereby enabling the training of a binary prompt classifier on top. Notably, our framework does not require extra human annotations, offering strong flexibility and practicality for real-world applications. Extensive experiment shows VLMGuard achieves superior detection results, significantly outperforming state-of-the-art methods. Disclaimer: This paper may contain offensive examples; reader discretion is advised.
format Preprint
id arxiv_https___arxiv_org_abs_2410_00296
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle VLMGuard: Defending VLMs against Malicious Prompts via Unlabeled Data
Du, Xuefeng
Ghosh, Reshmi
Sim, Robert
Salem, Ahmed
Carvalho, Vitor
Lawton, Emily
Li, Yixuan
Stokes, Jack W.
Machine Learning
Cryptography and Security
Vision-language models (VLMs) are essential for contextual understanding of both visual and textual information. However, their vulnerability to adversarially manipulated inputs presents significant risks, leading to compromised outputs and raising concerns about the reliability in VLM-integrated applications. Detecting these malicious prompts is thus crucial for maintaining trust in VLM generations. A major challenge in developing a safeguarding prompt classifier is the lack of a large amount of labeled benign and malicious data. To address the issue, we introduce VLMGuard, a novel learning framework that leverages the unlabeled user prompts in the wild for malicious prompt detection. These unlabeled prompts, which naturally arise when VLMs are deployed in the open world, consist of both benign and malicious information. To harness the unlabeled data, we present an automated maliciousness estimation score for distinguishing between benign and malicious samples within this unlabeled mixture, thereby enabling the training of a binary prompt classifier on top. Notably, our framework does not require extra human annotations, offering strong flexibility and practicality for real-world applications. Extensive experiment shows VLMGuard achieves superior detection results, significantly outperforming state-of-the-art methods. Disclaimer: This paper may contain offensive examples; reader discretion is advised.
title VLMGuard: Defending VLMs against Malicious Prompts via Unlabeled Data
topic Machine Learning
Cryptography and Security
url https://arxiv.org/abs/2410.00296