Go to ICLR 2026 Conference homepageAdPO: Enhancing the Adversarial Robustness of Large Vision-Language Models with Preference Optimization
Keywords: Large Vision-Language Models, Adversarial Training
TL;DR: We propose a novel preference optimization method to enhance the adversarial robustness of LVLMs while maintaining nearly intact clean performance.
Abstract: Large Vision-Language Models (LVLMs), such as GPT-4o and LLaVA, have recently witnessed remarkable advancements and are increasingly being deployed in real-world applications.
However, inheriting the sensitivity of visual neural networks, LVLMs remain vulnerable to adversarial attacks, which can result in erroneous or malicious outputs.
While existing efforts utilize adversarial fine-tuning to enhance robustness, they often suffer from significant performance degradation on clean inputs.
In this paper, we propose AdPO, a novel adversarial defense strategy for LVLMs based on preference optimization.
For the first time, we reframe adversarial training as a preference optimization problem, aiming to enhance the model’s preference for generating normal outputs on clean inputs while rejecting the potential misleading outputs for adversarial examples.
Notably, AdPO achieves this by solely modifying the image encoder, e.g., CLIP ViT, resulting in superior clean and adversarial performance in a variety of downstream tasks.
Due to the computational cost of training large language models, we show that training on smaller LVLMs and transferring to larger ones achieves state-of-the-art performance with efficiency comparable to previous methods.
Our comprehensive experiments confirm the effectiveness of the proposed AdPO which highlights the potential of preference-based learning in adversarially robust multimodal systems.
Primary Area: applications to computer vision, audio, language, and other modalities
Submission Number: 18466
Loading