AdaShield: Safeguarding Multimodal Large Language Models from Structure-based Attack via Adaptive Shield Prompting
The official implementation of our paper "AdaShield: Safeguarding Multimodal Large Language Models from Structure-based Attack via Adaptive Shield Prompting", by Yu Wang*, Xiaogeng Liu*, Yu Li, Muhao Chen, and Chaowei Xiao. (* denotes the equal contribution in this work.)
| Date | Event |
|---|---|
| 2024/07/01 | 🔥 Our paper is accepted by ECCV2024. |
| 2024/03/30 | We have released our full training and inference codes. |
| 2024/03/15 | We have released our paper. Thanks to all collaborators. |
With the advent and widespread deployment of Multimodal Large Language Models (MLLMs), the imperative to ensure their safety has become increasingly pronounced. However, with the integration of additional modalities, MLLMs are exposed to new vulnerabilities, rendering them prone to structured-based jailbreak attacks, where semantic content (e.g., ``harmful text'') has been injected into the images to mislead MLLMs. In this work, we aim to defend against such threats. Specifically, we propose Adaptive Shield Prompting ( AdaShield ), which prepends inputs with defense prompts to defend MLLMs against structure-based jailbreak attacks without fine-tuning MLLMs or training additional modules (e.g., post-stage content detector). Initially, we present a manually designed static defense prompt, which thoroughly examines the image and instruction content step by step and specifies response methods to malicious queries. Furthermore, we introduce an adaptive auto-refinement framework, consisting of a target MLLM and a LLM-based defense prompt generator (Defender). These components collaboratively and iteratively communicate to generate a defense prompt. Extensive experiments on the popular structure-based jailbreak attacks and benign datasets show that our methods can consistently improve MLLMs' robustness against structure-based jailbreak attacks without compromising the model's general capabilities evaluated on standard benign tasks.
AdaShield consists of a defender
A conversation example from AdaShield between the target MLLM
- Python >= 3.10
- Pytorch == 2.1.2
- CUDA Version >= 12.1
- Install required packages:
git clone https://github.com/rain305f/AdaShield
cd AdaShield
conda create -n adashield python=3.10 -y
conda activate adashield
pip install -r requirement.txt
# install environments about llava
git clone https://github.com/haotian-liu/LLaVA.git
cd LLaVA
pip install --upgrade pip
pip install -e .
cd ..
rm -r LLaVA
The training & validating instruction is in TRAIN_AND_VALIDATE.md.
- FigStep Attack Effective jailbreak attack for multi-modal large language models, and great job contributing the evaluation code and dataset.
- MM-SafetyBench(QR Attack) Effective jailbreak attack for multi-modal large language models, and great job contributing the evaluation code and dataset.
- AutoDAN Powerful jailbreak attack strategy on Aligned Large Language Models.
- BackdoorAlign Effective backdoor defense method against Fine-tuning Jailbreak Attack.
Please consider citing 📑 our papers if our repository is helpful to your work, thanks sincerely!
@article{wang2024adashield,
title={Adashield: Safeguarding multimodal large language models from structure-based attack via adaptive shield prompting},
author={Wang, Yu and Liu, Xiaogeng and Li, Yu and Chen, Muhao and Xiao, Chaowei},
journal={arXiv preprint arXiv:2403.09513},
year={2024}
}