Vulnerability-Aware Robust Multimodal Adversarial Training

Multimodal learning has shown significant superiority on various tasks by integrating multiple modalities. However, the interdependencies among modalities increase the susceptibility of multimodal models to adversarial attacks. Existing methods mainly focus on attacks on specific modalities or indiscriminately attack all modalities. In this paper, we find that these approaches ignore the differences between modalities in their contribution to final robustness, resulting in suboptimal robustness performance. To bridge this gap, we introduce Vulnerability-Aware Robust Multimodal Adversarial Training (VARMAT), a probe-in-training adversarial training method that improves multimodal robustness by identifying the vulnerability of each modality. To be specific, VARMAT first explicitly quantifies the vulnerability of each modality, grounded in a first-order approximation of the attack objective (Probe). Then, we propose a targeted regularization term that penalizes modalities with high vulnerability, guiding robust learning while maintaining task accuracy (Training). We demonstrate the enhanced robustness of our method across multiple multimodal datasets involving diverse modalities. Finally, we achieve {12.73%, 22.21%, 11.19%} robustness improvement on three multimodal datasets, revealing a significant blind spot in multimodal adversarial training.

Key Contributions

• First-order approximation method to explicitly quantify adversarial vulnerability of each modality independently during training (Probe step)
• Targeted regularization term that penalizes high-vulnerability modalities to guide robustness improvements while preserving clean task accuracy (Training step)
• Demonstrated robustness gains of 12.73%, 22.21%, and 11.19% across three diverse multimodal datasets (CMU-MOSEI, UR-FUNNY, MIMIC)

🛡️ Threat Analysis

Details

Similar Papers