There has been an increasing interest in the alignment of large language models (LLMs) with human values. However, the safety issues of their integration with a vision module, or vision language models (VLMs), remain relatively underexplored. In this paper, we propose a novel jailbreaking attack against VLMs, aiming to bypass their safety barrier when a user inputs harmful instructions. A scenario where our poisoned (image, text) data pairs are included in the training data is assumed. By replacing the original textual captions with malicious jailbreak prompts, our method can perform jailbreak attacks with the poisoned images. Moreover, we analyze the effect of poison ratios and positions of trainable parameters on our attack's success rate. For evaluation, we design two metrics to quantify the success rate and the stealthiness of our attack. Together with a list of curated harmful instructions, a benchmark for measuring attack efficacy is provided. We demonstrate the efficacy of our attack by comparing it with baseline methods.

翻译：随着大型语言模型与人类价值观对齐的需求日益增长，其与视觉模块集成后的安全风险——即视觉语言模型的安全性问题——仍相对缺乏研究。本文提出一种针对视觉语言模型的新型越狱攻击方法，旨在绕过当用户输入有害指令时的安全防护机制。我们假设攻击者将包含恶意（图像，文本）数据对注入训练数据集中。通过将原始文本描述替换为恶意越狱提示，该方法可利用受污染图像实施越狱攻击。此外，我们分析了投毒比例与可训练参数位置对攻击成功率的影响。评估阶段，我们设计两个量化指标分别衡量攻击成功率与隐蔽性，并构建包含精心设计的有害指令的基准测试集以评估攻击效能。通过与基线方法的对比实验，验证了本攻击的有效性。