Recent advances in instruction tuning have led to the development of state-of-the-art Large Multimodal Models (LMMs). Given the novelty of these models, the impact of visual adversarial attacks on LMMs has not been thoroughly examined. We conduct a comprehensive study of the robustness of various LMMs against different adversarial attacks, evaluated across tasks including image classification, image captioning, and Visual Question Answering (VQA). We find that, in general, LMMs are not robust to visual adversarial inputs. However, our findings suggest that context provided to the model via prompts, such as the question in a QA pair, helps to mitigate the effects of visual adversarial inputs. Notably, the LMMs evaluated demonstrated remarkable resilience to such attacks on the ScienceQA task, with only an 8.10% drop in performance compared to their visual counterparts, which dropped 99.73%. We also propose a new approach to real-world image classification, which we term query decomposition. By incorporating existence queries into our input prompt, we observe diminished attack effectiveness and improvements in image classification accuracy. This research highlights a previously under-explored facet of LMM robustness and sets the stage for future work aimed at strengthening the resilience of multimodal systems in adversarial environments.