Few-Shot Adversarial Prompt Learning on Vision-Language Models

Yiwei Zhou; Xiaobo Xia; Zhiwei Lin; Bo Han; Tongliang Liu

Few-Shot Adversarial Prompt Learning on Vision-Language Models

Yiwei Zhou, Xiaobo Xia, Zhiwei Lin^*, Bo Han, Tongliang Liu^*

^*Corresponding author for this work

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

Abstract

The vulnerability of deep neural networks to imperceptible adversarial perturbations has attracted widespread attention. Inspired by the success of vision-language foundation models, previous efforts achieved zero-shot adversarial robustness by aligning adversarial visual features with text supervision. However, in practice, they are still unsatisfactory due to several issues, including heavy adaptation cost, suboptimal text supervision, and uncontrolled natural generalization capacity. In this paper, to address these issues, we propose a few-shot adversarial prompt framework where adapting input sequences with limited data makes significant adversarial robustness improvement. Specifically, we achieve this by providing adversarially correlated text supervision that is end-to-end learned from adversarial examples. We also propose a novel training objective that enhances the consistency of multi-modal features while encourages differentiated uni-modal features between natural and adversarial examples. The proposed framework gives access to learn adversarial text supervision, which provides superior cross-modal adversarial alignment and matches state-of-the-art zero-shot adversarial robustness with only 1% training data. Code is available at: https://github.com/lionel-w2/FAP.

Original language	English
Title of host publication	38th Conference on Neural Information Processing Systems, NeurIPS 2024
Editors	A. Globerson, L. Mackey, D. Belgrave, A. Fan, U. Paquet, J. Tomczak, C. Zhang
Publisher	Neural Information Processing Systems Foundation
Number of pages	35
ISBN (Electronic)	9798331314385
Publication status	Published - Dec 2024
Event	38th Conference on Neural Information Processing Systems, NeurIPS 2024 - Vancouver Convention Center , Vancouver, Canada Duration: 9 Dec 2024 → 15 Dec 2024 https://neurips.cc/Conferences/2024 https://openreview.net/group?id=NeurIPS.cc/2024 https://proceedings.neurips.cc/paper_files/paper/2024

Publication series

Name	Advances in Neural Information Processing Systems
Publisher	Neural information processing systems foundation
Volume	37
ISSN (Print)	1049-5258

Name	NeurIPS Proceedings

Conference

Conference	38th Conference on Neural Information Processing Systems, NeurIPS 2024
Country/Territory	Canada
City	Vancouver
Period	9/12/24 → 15/12/24
Internet address	https://neurips.cc/Conferences/2024 https://openreview.net/group?id=NeurIPS.cc/2024 https://proceedings.neurips.cc/paper_files/paper/2024

Access to Document

https://proceedings.neurips.cc/paper_files/paper/2024/file/05aedcaf4bc6e78a5e22b4cf9114c5e8-Paper-Conference.pdf

Cite this

Zhou, Y., Xia, X., Lin, Z., Han, B., & Liu, T. (2024). Few-Shot Adversarial Prompt Learning on Vision-Language Models. In A. Globerson, L. Mackey, D. Belgrave, A. Fan, U. Paquet, J. Tomczak, & C. Zhang (Eds.), 38th Conference on Neural Information Processing Systems, NeurIPS 2024 (Advances in Neural Information Processing Systems; Vol. 37), (NeurIPS Proceedings). Neural Information Processing Systems Foundation. https://proceedings.neurips.cc/paper_files/paper/2024/file/05aedcaf4bc6e78a5e22b4cf9114c5e8-Paper-Conference.pdf

Zhou, Yiwei ; Xia, Xiaobo ; Lin, Zhiwei et al. / Few-Shot Adversarial Prompt Learning on Vision-Language Models. 38th Conference on Neural Information Processing Systems, NeurIPS 2024. editor / A. Globerson ; L. Mackey ; D. Belgrave ; A. Fan ; U. Paquet ; J. Tomczak ; C. Zhang. Neural Information Processing Systems Foundation, 2024. (Advances in Neural Information Processing Systems). (NeurIPS Proceedings).

@inproceedings{f4baed3b2d844d6f9a39c6fd79c1cba7,

title = "Few-Shot Adversarial Prompt Learning on Vision-Language Models",

abstract = "The vulnerability of deep neural networks to imperceptible adversarial perturbations has attracted widespread attention. Inspired by the success of vision-language foundation models, previous efforts achieved zero-shot adversarial robustness by aligning adversarial visual features with text supervision. However, in practice, they are still unsatisfactory due to several issues, including heavy adaptation cost, suboptimal text supervision, and uncontrolled natural generalization capacity. In this paper, to address these issues, we propose a few-shot adversarial prompt framework where adapting input sequences with limited data makes significant adversarial robustness improvement. Specifically, we achieve this by providing adversarially correlated text supervision that is end-to-end learned from adversarial examples. We also propose a novel training objective that enhances the consistency of multi-modal features while encourages differentiated uni-modal features between natural and adversarial examples. The proposed framework gives access to learn adversarial text supervision, which provides superior cross-modal adversarial alignment and matches state-of-the-art zero-shot adversarial robustness with only 1% training data. Code is available at: https://github.com/lionel-w2/FAP.",

author = "Yiwei Zhou and Xiaobo Xia and Zhiwei Lin and Bo Han and Tongliang Liu",

note = "Publisher Copyright: {\textcopyright} 2024 Neural information processing systems foundation. All rights reserved.; 38th Conference on Neural Information Processing Systems, NeurIPS 2024 ; Conference date: 09-12-2024 Through 15-12-2024",

year = "2024",

month = dec,

language = "English",

series = "Advances in Neural Information Processing Systems",

publisher = "Neural Information Processing Systems Foundation",

editor = "A. Globerson and L. Mackey and D. Belgrave and A. Fan and U. Paquet and J. Tomczak and C. Zhang",

booktitle = "38th Conference on Neural Information Processing Systems, NeurIPS 2024",

url = "https://neurips.cc/Conferences/2024, https://openreview.net/group?id=NeurIPS.cc/2024, https://proceedings.neurips.cc/paper_files/paper/2024",

}

Zhou, Y, Xia, X, Lin, Z, Han, B & Liu, T 2024, Few-Shot Adversarial Prompt Learning on Vision-Language Models. in A Globerson, L Mackey, D Belgrave, A Fan, U Paquet, J Tomczak & C Zhang (eds), 38th Conference on Neural Information Processing Systems, NeurIPS 2024. Advances in Neural Information Processing Systems, vol. 37, NeurIPS Proceedings, Neural Information Processing Systems Foundation, 38th Conference on Neural Information Processing Systems, NeurIPS 2024, Vancouver, Canada, 9/12/24. <https://proceedings.neurips.cc/paper_files/paper/2024/file/05aedcaf4bc6e78a5e22b4cf9114c5e8-Paper-Conference.pdf>

Few-Shot Adversarial Prompt Learning on Vision-Language Models. / Zhou, Yiwei; Xia, Xiaobo; Lin, Zhiwei et al.
38th Conference on Neural Information Processing Systems, NeurIPS 2024. ed. / A. Globerson; L. Mackey; D. Belgrave; A. Fan; U. Paquet; J. Tomczak; C. Zhang. Neural Information Processing Systems Foundation, 2024. (Advances in Neural Information Processing Systems; Vol. 37), (NeurIPS Proceedings).

Research output: Chapter in book/report/conference proceeding › Conference proceeding › peer-review

TY - GEN

T1 - Few-Shot Adversarial Prompt Learning on Vision-Language Models

AU - Zhou, Yiwei

AU - Xia, Xiaobo

AU - Lin, Zhiwei

AU - Han, Bo

AU - Liu, Tongliang

PY - 2024/12

Y1 - 2024/12

N2 - The vulnerability of deep neural networks to imperceptible adversarial perturbations has attracted widespread attention. Inspired by the success of vision-language foundation models, previous efforts achieved zero-shot adversarial robustness by aligning adversarial visual features with text supervision. However, in practice, they are still unsatisfactory due to several issues, including heavy adaptation cost, suboptimal text supervision, and uncontrolled natural generalization capacity. In this paper, to address these issues, we propose a few-shot adversarial prompt framework where adapting input sequences with limited data makes significant adversarial robustness improvement. Specifically, we achieve this by providing adversarially correlated text supervision that is end-to-end learned from adversarial examples. We also propose a novel training objective that enhances the consistency of multi-modal features while encourages differentiated uni-modal features between natural and adversarial examples. The proposed framework gives access to learn adversarial text supervision, which provides superior cross-modal adversarial alignment and matches state-of-the-art zero-shot adversarial robustness with only 1% training data. Code is available at: https://github.com/lionel-w2/FAP.

AB - The vulnerability of deep neural networks to imperceptible adversarial perturbations has attracted widespread attention. Inspired by the success of vision-language foundation models, previous efforts achieved zero-shot adversarial robustness by aligning adversarial visual features with text supervision. However, in practice, they are still unsatisfactory due to several issues, including heavy adaptation cost, suboptimal text supervision, and uncontrolled natural generalization capacity. In this paper, to address these issues, we propose a few-shot adversarial prompt framework where adapting input sequences with limited data makes significant adversarial robustness improvement. Specifically, we achieve this by providing adversarially correlated text supervision that is end-to-end learned from adversarial examples. We also propose a novel training objective that enhances the consistency of multi-modal features while encourages differentiated uni-modal features between natural and adversarial examples. The proposed framework gives access to learn adversarial text supervision, which provides superior cross-modal adversarial alignment and matches state-of-the-art zero-shot adversarial robustness with only 1% training data. Code is available at: https://github.com/lionel-w2/FAP.

UR - https://proceedings.neurips.cc/paper_files/paper/2024/hash/05aedcaf4bc6e78a5e22b4cf9114c5e8-Abstract-Conference.html

UR - https://proceedings.neurips.cc/paper_files/paper/2024

UR - http://www.scopus.com/inward/record.url?scp=105000488337&partnerID=8YFLogxK

M3 - Conference proceeding

AN - SCOPUS:105000488337

T3 - Advances in Neural Information Processing Systems

BT - 38th Conference on Neural Information Processing Systems, NeurIPS 2024

A2 - Globerson, A.

A2 - Mackey, L.

A2 - Belgrave, D.

A2 - Fan, A.

A2 - Paquet, U.

A2 - Tomczak, J.

A2 - Zhang, C.

PB - Neural Information Processing Systems Foundation

T2 - 38th Conference on Neural Information Processing Systems, NeurIPS 2024

Y2 - 9 December 2024 through 15 December 2024

ER -

Zhou Y, Xia X, Lin Z, Han B, Liu T. Few-Shot Adversarial Prompt Learning on Vision-Language Models. In Globerson A, Mackey L, Belgrave D, Fan A, Paquet U, Tomczak J, Zhang C, editors, 38th Conference on Neural Information Processing Systems, NeurIPS 2024. Neural Information Processing Systems Foundation. 2024. (Advances in Neural Information Processing Systems). (NeurIPS Proceedings).

Few-Shot Adversarial Prompt Learning on Vision-Language Models

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this