S0077Significant

多模態融合對抗攻擊

Operation & Monitoring

Risk Description

Attackers inject small but coordinated perturbations across multiple input modalities simultaneously (e.g., text+image, audio+visual), exploiting cross-modal fusion mechanisms to amplify attack effects. While single-modality perturbations may fall within safety thresholds, coordinated multi-modal perturbations can trigger severe model failures after fusion. As multi-modal AI systems (GPT-4V, Gemini) proliferate, this attack surface expands dramatically.

Framework Mappings

iso 23894R2
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)

Controls English translation pending

  • 跨模態一致性檢驗
  • 模態隔離防禦

Implementation Steps English translation pending

  1. 實施跨模態一致性檢驗,偵測不同模態間的語義矛盾
  2. 對各模態輸入獨立進行安全檢查後再進行融合
  3. 部署模態隔離防禦,在模態融合前過濾可疑輸入
  4. 建立多模態對抗樣本測試集,定期進行魯棒性評估