Hiding-in-Plain-Sight (HiPS) Attack on CLIP for Targetted Object Removal from Images
This addresses vulnerabilities in multi-modal AI systems for security applications, but it is incremental as it builds on existing adversarial attack methods.
The paper tackles the problem of adversarial attacks on multi-modal models like CLIP by introducing HiPS attacks, which subtly modify predictions to conceal target objects, and demonstrates their effectiveness in transferring to downstream image captioning models for targeted object removal.
Machine learning models are known to be vulnerable to adversarial attacks, but traditional attacks have mostly focused on single-modalities. With the rise of large multi-modal models (LMMs) like CLIP, which combine vision and language capabilities, new vulnerabilities have emerged. However, prior work in multimodal targeted attacks aim to completely change the model's output to what the adversary wants. In many realistic scenarios, an adversary might seek to make only subtle modifications to the output, so that the changes go unnoticed by downstream models or even by humans. We introduce Hiding-in-Plain-Sight (HiPS) attacks, a novel class of adversarial attacks that subtly modifies model predictions by selectively concealing target object(s), as if the target object was absent from the scene. We propose two HiPS attack variants, HiPS-cls and HiPS-cap, and demonstrate their effectiveness in transferring to downstream image captioning models, such as CLIP-Cap, for targeted object removal from image captions.