Cross-Modal Safety Mechanism Transfer in Large Vision-Language Models

Shicheng Xu,Liang Pang,Yunchang Zhu,Huawei Shen,Xueqi Cheng
2024-10-16
Abstract:Vision-language alignment in Large Vision-Language Models (LVLMs) successfully enables LLMs to understand visual input. However, we find that existing vision-language alignment methods fail to transfer the existing safety mechanism for text in LLMs to vision, which leads to vulnerabilities in toxic image. To explore the cause of this problem, we give the insightful explanation of where and how the safety mechanism of LVLMs operates and conduct comparative analysis between text and vision. We find that the hidden states at the specific transformer layers play a crucial role in the successful activation of safety mechanism, while the vision-language alignment at hidden states level in current methods is insufficient. This results in a semantic shift for input images compared to text in hidden states, therefore misleads the safety mechanism. To address this, we propose a novel Text-Guided vision-language Alignment method (TGA) for LVLMs. TGA retrieves the texts related to input vision and uses them to guide the projection of vision into the hidden states space in LLMs. Experiments show that TGA not only successfully transfers the safety mechanism for text in basic LLMs to vision in vision-language alignment for LVLMs without any safety fine-tuning on the visual modality but also maintains the general performance on various vision tasks (Safe and Good).
Computer Vision and Pattern Recognition,Artificial Intelligence,Computation and Language
What problem does this paper attempt to address?
### What problems does this paper attempt to solve? This paper aims to solve the problem of cross - modal safety mechanism transfer in large - scale vision - language models (LVLMs). Specifically: 1. **Limitations of existing vision - language alignment methods**: Existing vision - language alignment methods cannot effectively transfer the safety mechanisms in text to visual inputs. This results in the safety performance of LVLMs being significantly lower when dealing with toxic images than when dealing with toxic text. 2. **Semantic drift problem**: It has been found that in current vision - language alignment methods, the hidden states of specific Transformer layers play a key role in activating safety mechanisms. However, these methods have insufficient alignment at the hidden - state level, causing the semantics of visual inputs to deviate from those of text inputs, thus misleading the safety mechanisms. 3. **Lack of effective cross - modal safety mechanism transfer**: Although LVLMs inherit the text safety mechanisms in basic LLMs, these mechanisms have not been effectively extended to the visual modality. Therefore, LVLMs show higher vulnerability when dealing with toxic visual inputs. To solve these problems, the paper makes the following contributions: - **Proposing a new perspective - cross - modal safety mechanism transfer**: It aims to transfer the safety mechanisms in text to visual inputs without additional safety fine - tuning of visual data. - **Revealing the operating mechanism of safety mechanisms**: By analyzing the hidden states of specific Transformer layers, it explains how safety mechanisms are activated in LVLMs and points out the reasons for the insufficient alignment at the hidden - state level in current methods. - **Proposing a new vision - language alignment method - TGA**: This method uses text related to the input vision to guide visual projection into the hidden - state space, thereby achieving effective cross - modal safety mechanism transfer and maintaining good performance on various visual tasks. Through these contributions, the paper re - thinks, explains and solves the vulnerability problem of LVLMs when dealing with toxic visual inputs.