Evaluating the Efficacy of Prompt-Engineered Large Multimodal Models Versus Fine-Tuned Vision Transformers in Image-Based Security Applications

📄 arXiv: 2403.17787v2 📥 PDF

作者: Fouad Trad, Ali Chehab

分类: cs.AI, cs.CR, cs.CV

发布日期: 2024-03-26 (更新: 2024-06-10)

期刊: Published in ACM Transactions on Intelligent Systems and Technology, 2025

DOI: 10.1145/3735648


💡 一句话要点

比较多模态模型与微调视觉变换器在图像安全中的应用效果

🎯 匹配领域: 支柱九:具身大模型 (Embodied Foundation Models)

关键词: 多模态模型 视觉变换器 图像安全 恶意软件分类 提示工程 网络安全

📋 核心要点

  1. 现有的多模态模型在处理复杂安全任务时表现不如微调的视觉变换器,尤其是在恶意软件分类等不可视任务中。
  2. 论文提出了通过提示工程优化多模态模型,以提高其在图像安全应用中的表现,尤其是针对简单触发器和恶意软件分类的任务。
  3. 实验结果显示,微调的ViT模型在恶意软件分类任务中取得了97.11%的F1分数,远超LMMs的表现,验证了其在安全领域的优势。

📝 摘要(中文)

随着大型语言模型(LLMs)的成功,大型多模态模型(LMMs)也开始迅速发展,并在多种应用中展现出变革潜力。本文探讨了经过提示工程的LMMs(如LLaVA、BakLLaVA、Moondream等)与微调的视觉变换器(ViT)在解决安全挑战中的有效性,重点关注两个安全任务:1)检测简单触发器的可视任务,2)通过视觉表示进行恶意软件分类的不可视任务。结果表明,尽管某些LMMs在可视任务中表现良好,但在不可视任务中,ViT模型的表现显著优于LMMs,展示了微调ViT在精确任务中的无与伦比的有效性。

🔬 方法详解

问题定义:本文旨在解决多模态模型在图像安全应用中的有效性问题,尤其是在恶意软件分类和简单触发器检测任务中的不足之处。现有方法在处理复杂的安全挑战时,尤其是不可视任务时,表现不佳。

核心思路:论文通过提示工程优化多模态模型,使其能够更好地理解和分析图像与文本的结合,从而提升在安全任务中的表现。这样的设计旨在充分利用多模态模型的潜力,同时对比微调的视觉变换器的效果。

技术框架:研究包括两个主要模块:1)针对简单触发器的可视任务,2)针对恶意软件分类的不可视任务。每个模块都采用不同的模型进行比较,评估其在特定任务中的表现。

关键创新:最重要的创新在于通过提示工程提升多模态模型的性能,尤其是在可视任务中实现了较好的准确率,而微调的ViT模型在不可视任务中展现了更高的准确性和可靠性。

关键设计:在实验中,使用了多种模型(如Gemini-pro-vision和GPT-4o),并通过精心设计的提示进行优化。损失函数和参数设置经过调整,以确保模型在特定任务中的最佳表现。

🖼️ 关键图片

fig_0
fig_1
fig_2

📊 实验亮点

实验结果显示,经过提示工程的LMMs在简单触发器检测任务中取得了91.9%的准确率和91%的F1分数,而微调的ViT模型在恶意软件分类任务中则实现了97.11%的F1分数,显示出其在复杂安全任务中的明显优势。

🎯 应用场景

该研究的潜在应用领域包括网络安全、恶意软件检测和图像分析等。通过提升多模态模型在安全任务中的表现,可以为安全防护提供更为强大的工具,未来可能在实际应用中显著提高安全性和响应能力。

📄 摘要(原文)

The success of Large Language Models (LLMs) has led to a parallel rise in the development of Large Multimodal Models (LMMs), which have begun to transform a variety of applications. These sophisticated multimodal models are designed to interpret and analyze complex data by integrating multiple modalities such as text and images, thereby opening new avenues for a range of applications. This paper investigates the applicability and effectiveness of prompt-engineered LMMs that process both images and text, including models such as LLaVA, BakLLaVA, Moondream, Gemini-pro-vision, and GPT-4o, compared to fine-tuned Vision Transformer (ViT) models in addressing critical security challenges. We focus on two distinct security tasks: 1) a visually evident task of detecting simple triggers, such as small pixel variations in images that could be exploited to access potential backdoors in the models, and 2) a visually non-evident task of malware classification through visual representations. In the visually evident task, some LMMs, such as Gemini-pro-vision and GPT-4o, have demonstrated the potential to achieve good performance with careful prompt engineering, with GPT-4o achieving the highest accuracy and F1-score of 91.9\% and 91\%, respectively. However, the fine-tuned ViT models exhibit perfect performance in this task due to its simplicity. For the visually non-evident task, the results highlight a significant divergence in performance, with ViT models achieving F1-scores of 97.11\% in predicting 25 malware classes and 97.61\% in predicting 5 malware families, whereas LMMs showed suboptimal performance despite iterative prompt improvements. This study not only showcases the strengths and limitations of prompt-engineered LMMs in cybersecurity applications but also emphasizes the unmatched efficacy of fine-tuned ViT models for precise and dependable tasks.