Technical Report for ICML 2024 TiFA Workshop MLLM Attack Challenge: Suffix Injection and Projected Gradient Descent Can Easily Fool An MLLM

Yangyang Guo; Ziwei Xu; Xilie Xu; Yongkang Wong; Liqiang Nie; Mohan S. Kankanhalli

Technical Report for ICML 2024 TiFA Workshop MLLM Attack Challenge: Suffix Injection and Projected Gradient Descent Can Easily Fool An MLLM

Yangyang Guo, Ziwei Xu, Xilie Xu, Yongkang Wong, Liqiang Nie, Mohan S. Kankanhalli

Published: 01 Jan 2024, Last Modified: 17 May 2025CoRR 2024EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: This technical report introduces our top-ranked solution that employs two approaches, \ie suffix injection and projected gradient descent (PGD) , to address the TiFA workshop MLLM attack challenge. Specifically, we first append the text from an incorrectly labeled option (pseudo-labeled) to the original query as a suffix. Using this modified query, our second approach applies the PGD method to add imperceptible perturbations to the image. Combining these two techniques enables successful attacks on the LLaVA 1.5 model.

Loading