CV | Mar 20, 2024

FMM-Attack: A Flow-based Multi-modal Adversarial Attack on Video-based LLMs

Peking U
arXiv:2403.13507v2 | 14 citations | h-index: 20 | Has Code
Originality: Incremental advance
AI Analysis

This work addresses the robustness and safety of video-based LLMs, which is important for developers and users of large multi-modal models, though it is incremental as it adapts adversarial attack techniques to a new modality.

The paper tackles the lack of adversarial attack research on video-based large language models by proposing FMM-Attack, a flow-based multi-modal adversarial attack that induces incorrect answers and hallucinations in these models with imperceptible perturbations on a small fraction of video frames.

Despite the remarkable performance of video-based large language models (LLMs), their adversarial threat remains unexplored. To fill this gap, we propose the first adversarial attack tailored for video-based LLMs by crafting flow-based multi-modal adversarial perturbations on a small fraction of frames within a video, dubbed FMM-Attack. Extensive experiments show that our attack can effectively induce video-based LLMs to generate incorrect answers when videos are added with imperceptible adversarial perturbations. Intriguingly, our FMM-Attack can also induce garbling in the model output, prompting video-based LLMs to hallucinate. Overall, our observations inspire a further understanding of multi-modal robustness and safety-related feature alignment across different modalities, which is of great importance for various large multi-modal models. Our code is available at https://github.com/THU-Kingmin/FMM-Attack.
