Vulnerability-Aware Robust Multimodal Adversarial Training
DOI:
https://doi.org/10.1609/aaai.v40i33.40054Abstract
Multimodal learning has shown significant superiority on various tasks by integrating multiple modalities. However, the interdependencies among modalities increase the susceptibility of multimodal models to adversarial attacks. Existing methods mainly focus on attacks on specific modalities or indiscriminately attack all modalities. In this paper, we find that these approaches ignore the differences between modalities in their contribution to final robustness, resulting in suboptimal robustness performance. To bridge this gap, we introduce Vulnerability-Aware Robust Multimodal Adversarial Training (VARMAT), a probe-in-training adversarial training method that improves multimodal robustness by identifying the vulnerability of each modality. To be specific, VARMAT first explicitly quantifies the vulnerability of each modality, grounded in a first-order approximation of the attack objective (Probe). Then, we propose a targeted regularization term that penalizes modalities with high vulnerability, guiding robust learning while maintaining task accuracy (Training). We demonstrate the enhanced robustness of our method across multiple multimodal datasets involving diverse modalities. Finally, we achieve {12.73%, 22.21%, 11.19%} robustness improvement on three multimodal datasets, revealing a significant blind spot in multimodal adversarial training.
Published
2026-03-14
How to Cite
Zhang, J., Zhao, X., Peng, J., Wang, C., Ji, J., & Chen, T. (2026). Vulnerability-Aware Robust Multimodal Adversarial Training. Proceedings of the AAAI Conference on Artificial Intelligence, 40(33), 28265–28273. https://doi.org/10.1609/aaai.v40i33.40054
Issue
Section
AAAI Technical Track on Machine Learning X
