Search papers, labs, and topics across Lattice.
This paper introduces Text-Guided Backdoor (TGB), a novel backdoor attack on multimodal pretrained models that uses common words in textual descriptions as triggers, enhancing stealthiness compared to visual triggers. To control the attack's success rate, they introduce visual adversarial perturbations to modulate the model's learning of textual triggers. Experiments on CIR and VQA demonstrate TGB's practicality, stealthiness, and adjustable attack success rates, highlighting security vulnerabilities in multimodal models.
Multimodal models are surprisingly vulnerable to subtle text-based backdoor attacks using common words, making them far more practical and stealthy than previous visual trigger methods.
Multimodal pretrained models are vulnerable to backdoor attacks, yet most existing methods rely on visual or multimodal triggers, which are impractical since visually embedded triggers rarely occur in real-world data. To overcome this limitation, we propose a novel Text-Guided Backdoor (TGB) attack on multimodal pretrained models, where commonly occurring words in textual descriptions serve as backdoor triggers, significantly improving stealthiness and practicality. Furthermore, we introduce visual adversarial perturbations on poisoned samples to modulate the model's learning of textual triggers, enabling a controllable and adjustable TGB attack. Extensive experiments on downstream tasks built upon multimodal pretrained models, including Composed Image Retrieval (CIR) and Visual Question Answering (VQA), demonstrate that TGB achieves practicality and stealthiness with adjustable attack success rates across diverse realistic settings, revealing critical security vulnerabilities in multimodal pretrained models.
