Adversarial Attacks on Multimodal Language Models

Student: Knunyants Ivan

Supervisor: Ekaterina Artemova

Educational Programme: Applied Mathematics and Information Science (Bachelor)

Year of Graduation: 2021

Recently, multimodal tasks have become increasingly popular. This tasks are called multimodal because the model process two different types of input data. Such tasks are, for example, Image captioning and VQA tasks. Until recently, CNN+RNN models were able to handle such tasks. However, better results were shown by multimodal systems using the transformer architecture. Despite their popularity, no significant research has yet been conducted on adversarial attacks on these models. It is these attacks that reflect the vulnerability of models to minor transformations of input data. The purpose of this study is to apply adversarial attacks to multimodal models-tranformers. The attack model is LXMERT, which solves the VQA problem. The results show that even a simple type of adversarial attack successfully obfuscated the model.

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.

Search all student theses