CS Special Seminar: Francesco Croce "Evaluating and Improving Adversarial Robustness: from Image Classifiers to Multimodal Foundation Models"
Evaluating and Improving Adversarial Robustness: from Image Classifiers to Multimodal Foundation Models
Francesco Croce
EPFL
Abstract: Despite their impressive performance in virtually all language and vision tasks, deep learning models are highly vulnerable to adversarial attacks: small malicious perturbations to an input, invisible or irrelevant to humans, can completely alter the output of the models. The existence of adversarial perturbations fundamentally threatens the safe and secure deployment of deep learning models, and reveals how they rely on different features of the data compared to humans to solve the same task. In this talk, I will first discuss the steps towards building a reliable and standardized benchmark of the adversarial robustness of image classifiers, i.e., their ability to resist adversarial perturbations. This framework enables the community to track and, consequently, accelerate progress of robust models. Then, I will show how the experience and techniques developed in image classification can be effectively applied to improve the robustness of frontier multimodal models such as CLIP and LLaVA. Surprisingly, this increased robustness also leads to models that better capture human similarity perception and are more interpretable. Finally, I will discuss future research directions aimed at developing multimodal models that are robust to both adversarial attacks and distribution shifts.
Bio: Francesco Croce is a postdoctoral researcher at EPFL in the Theory of Machine Learning Laboratory. He received his PhD from the University of Tübingen in 2023. His research interests include adversarial robustness, multimodal modeling, and automated metrics that capture human perception. His PhD thesis was awarded the MVTec Dissertation Award 2024 from the German Association for Pattern Recognition, as well as the Wilhelm Schickard Dissertation Award 2024 for the best dissertation in the Department of Computer Science at the University of Tübingen.