Date: | Friday, May 23 |
---|---|
Time: | 14:45 |
Location: | N10_302, Institute of Computer Science |
Our guest speaker is Cristian-Alexandru Botocan. He will present his Master Thesis.
You are all cordially invited to the CVG Seminar on May 23rd, 2025, at 2:45 pm CEST.
Recent advances in multi-modal models such as CLIP have significantly improved AI tasks like image classification, object recognition, and cross-modal retrieval by integrating image and language understanding. Assessing the robustness of multi-modal models is an important aspect of the safety of their users. In this talk, we start by assessing the security of SOTA multi-modal models against L0-norm perturbation attacks that alter less than 0.04% of the image. We then continue with the main talk, which focuses on the robustness of multi-modal foundation models against backdoor attacks. We address the shortcomings of the current SOTA defence method and propose a new defence based on Task Arithmetic, a model-merging technique. The best proposed defence incorporates Bayesian Optimization to find the optimal scaling factors of the task vectors representing the different fine-tuned models. Our results show that these weighted combinations outperform the current SOTA defence, achieving a favourable balance between Attack Success Rate and Clean Accuracy.
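As an added illustration (not code from the thesis or the talk), the following Python toy shows the two mechanics the abstract names: forming a task vector as the parameter delta between a fine-tuned model and its base, merging several task vectors into the base with per-model scaling factors, and then choosing those factors by an objective that trades clean accuracy against attack success rate. The linear classifier, the ten constructed data points, the trigger feature, the three fine-tuned models (one of which carries a backdoor) and the exhaustive grid are all assumptions made for the example; the grid stands in for the Bayesian optimisation used in the thesis.

```python
"""Task-arithmetic merging with a scaling-factor search (constructed example).

Task arithmetic: a task vector is tau_i = theta_i - theta_0, the parameter delta
between a fine-tuned model and its pre-trained base, and the merged model is
theta_0 + sum_i lambda_i * tau_i. Models here are dicts of parameter name ->
list[float] for a toy linear classifier over (x0, x1, trigger). One fine-tune
is "poisoned": it puts a large weight on the trigger feature so that any input
with trigger = 1 is pushed to the target class. All models and data are made up.
"""
from itertools import product

Model = dict  # parameter name -> list of floats


def task_vector(base: Model, finetuned: Model) -> Model:
    """tau = theta_finetuned - theta_base, parameter by parameter."""
    return {k: [f - b for b, f in zip(base[k], finetuned[k])] for k in base}


def merge(base: Model, task_vectors: list, lambdas) -> Model:
    """theta_0 + sum_i lambda_i * tau_i, with one scaling factor per task vector."""
    merged = {k: list(v) for k, v in base.items()}
    for tau, lam in zip(task_vectors, lambdas):
        for k in merged:
            merged[k] = [m + lam * t for m, t in zip(merged[k], tau[k])]
    return merged


def predict(model: Model, x) -> int:
    """Binary linear classifier: class 1 iff w.x + b > 0."""
    score = sum(w * xi for w, xi in zip(model["w"], x)) + model["b"][0]
    return 1 if score > 0 else 0


# Constructed clean data: label is 1 iff x0 + x1 > 1. The third input feature
# (the trigger) is 0 on clean inputs and 1 on backdoored inputs.
CLEAN = [
    ((0.9, 0.8), 1), ((0.3, 0.95), 1), ((0.7, 0.6), 1), ((0.45, 0.7), 1), ((0.95, 0.25), 1),
    ((0.1, 0.2), 0), ((0.2, 0.4), 0), ((0.5, 0.1), 0), ((0.3, 0.3), 0), ((0.4, 0.15), 0),
]
TARGET = 1  # class the backdoor steers triggered inputs to


def clean_accuracy(model: Model) -> float:
    hits = sum(predict(model, (x0, x1, 0.0)) == y for (x0, x1), y in CLEAN)
    return hits / len(CLEAN)


def attack_success_rate(model: Model) -> float:
    """Share of non-target clean inputs that adding the trigger flips to TARGET."""
    victims = [(x0, x1) for (x0, x1), y in CLEAN if y != TARGET]
    hits = sum(predict(model, (x0, x1, 1.0)) == TARGET for x0, x1 in victims)
    return hits / len(victims)


# Constructed models: a weak base and three fine-tunes that all solve the clean
# task; "poisoned" additionally learned the trigger (weight 1.0 on feature 2).
BASE = {"w": [0.6, 0.2, 0.0], "b": [-0.4]}
FINETUNED = {
    "poisoned": {"w": [1.0, 1.0, 1.0], "b": [-1.0]},
    "clean_a": {"w": [1.0, 1.0, 0.0], "b": [-1.0]},
    "clean_b": {"w": [1.1, 0.9, 0.0], "b": [-1.0]},
}
TASK_VECTORS = [task_vector(BASE, m) for m in FINETUNED.values()]


def objective(acc: float, asr: float, alpha: float = 1.0) -> float:
    """Higher is better: reward clean accuracy, penalise attack success."""
    return acc - alpha * asr


def search_scaling_factors(grid=(0.0, 0.5, 1.0)) -> dict:
    """Exhaustive grid over lambdas; a stand-in for the thesis's Bayesian optimisation."""
    best = None
    for lambdas in product(grid, repeat=len(TASK_VECTORS)):
        m = merge(BASE, TASK_VECTORS, lambdas)
        acc, asr = clean_accuracy(m), attack_success_rate(m)
        cand = {"lambdas": lambdas, "clean_acc": acc, "asr": asr, "score": objective(acc, asr)}
        if best is None or cand["score"] > best["score"]:
            best = cand
    return best


if __name__ == "__main__":
    alone = merge(BASE, TASK_VECTORS, [1.0, 0.0, 0.0])  # lambdas (1,0,0) == poisoned model
    print("poisoned fine-tune alone: acc=%.2f asr=%.2f"
          % (clean_accuracy(alone), attack_success_rate(alone)))
    uniform = merge(BASE, TASK_VECTORS, [1 / 3] * 3)  # plain averaging dilutes the trigger
    print("uniform merge:            acc=%.2f asr=%.2f"
          % (clean_accuracy(uniform), attack_success_rate(uniform)))
    print("grid search best:", search_scaling_factors())
```

In this toy the trigger weight is carried by only one of the three task vectors, so merging scales it down by its lambda while the clean decision direction, which all three fine-tunes share, is preserved; the search then ranks candidate scalings by the same kind of ASR-versus-clean-accuracy balance the abstract describes. Whether the effect carries over to real foundation models is exactly the question the talk addresses, not something this linear toy can show.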
Cristian-Alexandru Botocan recently graduated with an MSc in Cybersecurity from EPFL-ETHZ. His academic journey started with a Bachelor in Computer Science and Engineering at TU Delft, where he opted for the Data Science specialization and focused on Recommendation Systems both in academia and in industry, including an internship with the Amazon Music ML team in Berlin. Cristian graduated from his Bachelor "Cum Laude" and also completed an additional research programme, the "Honours Programme", in which he focused on using AI for side-channel attacks against cryptographic protocols. During his Master's, however, his research direction moved to AI security. Cristian did a research internship at armasuisse Science + Technology, exploring the robustness of multi-modal models against pixel perturbations (https://arxiv.org/pdf/2407.18251). His most recent research experience is his Master Thesis, which focuses on a defence method against backdoor attacks on multi-modal models.