Saved in:
Bibliographic Details
Main Authors: Hao, Shuyang, Hooi, Bryan, Liu, Jun, Chang, Kai-Wei, Huang, Zi, Cai, Yujun
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2411.18000
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915038936170496
author Hao, Shuyang
Hooi, Bryan
Liu, Jun
Chang, Kai-Wei
Huang, Zi
Cai, Yujun
author_facet Hao, Shuyang
Hooi, Bryan
Liu, Jun
Chang, Kai-Wei
Huang, Zi
Cai, Yujun
contents Despite inheriting security measures from underlying language models, Vision-Language Models (VLMs) may still be vulnerable to safety alignment issues. Through empirical analysis, we uncover two critical findings: scenario-matched images can significantly amplify harmful outputs, and contrary to common assumptions in gradient-based attacks, minimal loss values do not guarantee optimal attack effectiveness. Building on these insights, we introduce MLAI (Multi-Loss Adversarial Images), a novel jailbreak framework that leverages scenario-aware image generation for semantic alignment, exploits flat minima theory for robust adversarial image selection, and employs multi-image collaborative attacks for enhanced effectiveness. Extensive experiments demonstrate MLAI's significant impact, achieving attack success rates of 77.75% on MiniGPT-4 and 82.80% on LLaVA-2, substantially outperforming existing methods by margins of 34.37% and 12.77% respectively. Furthermore, MLAI shows considerable transferability to commercial black-box VLMs, achieving up to 60.11% success rate. Our work reveals fundamental visual vulnerabilities in current VLMs safety mechanisms and underscores the need for stronger defenses. Warning: This paper contains potentially harmful example text.
format Preprint
id arxiv_https___arxiv_org_abs_2411_18000
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Exploring Visual Vulnerabilities via Multi-Loss Adversarial Search for Jailbreaking Vision-Language Models
Hao, Shuyang
Hooi, Bryan
Liu, Jun
Chang, Kai-Wei
Huang, Zi
Cai, Yujun
Computer Vision and Pattern Recognition
Despite inheriting security measures from underlying language models, Vision-Language Models (VLMs) may still be vulnerable to safety alignment issues. Through empirical analysis, we uncover two critical findings: scenario-matched images can significantly amplify harmful outputs, and contrary to common assumptions in gradient-based attacks, minimal loss values do not guarantee optimal attack effectiveness. Building on these insights, we introduce MLAI (Multi-Loss Adversarial Images), a novel jailbreak framework that leverages scenario-aware image generation for semantic alignment, exploits flat minima theory for robust adversarial image selection, and employs multi-image collaborative attacks for enhanced effectiveness. Extensive experiments demonstrate MLAI's significant impact, achieving attack success rates of 77.75% on MiniGPT-4 and 82.80% on LLaVA-2, substantially outperforming existing methods by margins of 34.37% and 12.77% respectively. Furthermore, MLAI shows considerable transferability to commercial black-box VLMs, achieving up to 60.11% success rate. Our work reveals fundamental visual vulnerabilities in current VLMs safety mechanisms and underscores the need for stronger defenses. Warning: This paper contains potentially harmful example text.
title Exploring Visual Vulnerabilities via Multi-Loss Adversarial Search for Jailbreaking Vision-Language Models
topic Computer Vision and Pattern Recognition
url https://arxiv.org/abs/2411.18000