多模態融合對抗攻擊
Operation & Monitoring
Risk Description
Attackers inject small but coordinated perturbations across multiple input modalities simultaneously (e.g., text+image, audio+visual), exploiting cross-modal fusion mechanisms to amplify attack effects. While single-modality perturbations may fall within safety thresholds, coordinated multi-modal perturbations can trigger severe model failures after fusion. As multi-modal AI systems (GPT-4V, Gemini) proliferate, this attack surface expands dramatically.
Framework Mappings
iso 23894R2
tw principle資安與安全
tw risk type技術設計缺陷(Technical Design Flaw)
Controls English translation pending
- 跨模態一致性檢驗
- 模態隔離防禦
Implementation Steps English translation pending
- 實施跨模態一致性檢驗,偵測不同模態間的語義矛盾
- 對各模態輸入獨立進行安全檢查後再進行融合
- 部署模態隔離防禦,在模態融合前過濾可疑輸入
- 建立多模態對抗樣本測試集,定期進行魯棒性評估