{"id":"https://openalex.org/W4409150331","doi":"https://doi.org/10.1145/3690624.3709296","title":"Stabilizing Modality Gap &amp; Lowering Gradient Norms Improve Zero-Shot Adversarial Robustness of VLMs","display_name":"Stabilizing Modality Gap &amp; Lowering Gradient Norms Improve Zero-Shot Adversarial Robustness of VLMs","publication_year":2025,"publication_date":"2025-04-04","ids":{"openalex":"https://openalex.org/W4409150331","doi":"https://doi.org/10.1145/3690624.3709296"},"language":"en","primary_location":{"id":"doi:10.1145/3690624.3709296","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3690624.3709296","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V.1","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3690624.3709296","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5045529705","display_name":"Junhao Dong","orcid":"https://orcid.org/0000-0002-6232-9157"},"institutions":[{"id":"https://openalex.org/I115228651","display_name":"Agency for Science, Technology and Research","ror":"https://ror.org/036wvzt09","country_code":"SG","type":"government","lineage":["https://openalex.org/I115228651"]},{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Junhao Dong","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore and Centre for Frontier AI Research, IHPC, A*STAR, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-6232-9157","affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore and Centre for Frontier AI Research, IHPC, A*STAR, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005","https://openalex.org/I115228651"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002212263","display_name":"Piotr Koniusz","orcid":"https://orcid.org/0000-0002-6340-5289"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Piotr Koniusz","raw_affiliation_strings":["Data61, CSIRO, Canberra, ACT, Australia"],"raw_orcid":"https://orcid.org/0000-0002-6340-5289","affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Canberra, ACT, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048340011","display_name":"Xinghua Qu","orcid":"https://orcid.org/0000-0001-8072-2019"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Xinghua Qu","raw_affiliation_strings":["Bytedance, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0001-8072-2019","affiliations":[{"raw_affiliation_string":"Bytedance, Singapore, Singapore","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068243197","display_name":"Yew-Soon Ong","orcid":"https://orcid.org/0000-0002-4480-169X"},"institutions":[{"id":"https://openalex.org/I115228651","display_name":"Agency for Science, Technology and Research","ror":"https://ror.org/036wvzt09","country_code":"SG","type":"government","lineage":["https://openalex.org/I115228651"]},{"id":"https://openalex.org/I172675005","display_name":"Nanyang Technological University","ror":"https://ror.org/02e7b5302","country_code":"SG","type":"education","lineage":["https://openalex.org/I172675005"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Yew-Soon Ong","raw_affiliation_strings":["Nanyang Technological University, Singapore, Singapore and Centre for Frontier AI Research, IHPC, A*STAR, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-4480-169X","affiliations":[{"raw_affiliation_string":"Nanyang Technological University, Singapore, Singapore and Centre for Frontier AI Research, IHPC, A*STAR, Singapore, Singapore","institution_ids":["https://openalex.org/I172675005","https://openalex.org/I115228651"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":5.2763,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.94848833,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":95,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"236","last_page":"247"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9907000064849854,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.989799976348877,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.7458438873291016},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6321353316307068},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.48746442794799805},{"id":"https://openalex.org/keywords/one-shot","display_name":"One shot","score":0.4396573603153229},{"id":"https://openalex.org/keywords/control-theory","display_name":"Control theory (sociology)","score":0.4165312349796295},{"id":"https://openalex.org/keywords/zero","display_name":"Zero (linguistics)","score":0.41092273592948914},{"id":"https://openalex.org/keywords/mathematical-optimization","display_name":"Mathematical optimization","score":0.34392231702804565},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3400322198867798},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.32500922679901123},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.31100863218307495},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.14750730991363525},{"id":"https://openalex.org/keywords/chemistry","display_name":"Chemistry","score":0.11635604500770569},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.08084824681282043}],"concepts":[{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.7458438873291016},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6321353316307068},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.48746442794799805},{"id":"https://openalex.org/C2992734406","wikidata":"https://www.wikidata.org/wiki/Q413267","display_name":"One shot","level":2,"score":0.4396573603153229},{"id":"https://openalex.org/C47446073","wikidata":"https://www.wikidata.org/wiki/Q5165890","display_name":"Control theory (sociology)","level":3,"score":0.4165312349796295},{"id":"https://openalex.org/C2780813799","wikidata":"https://www.wikidata.org/wiki/Q3274237","display_name":"Zero (linguistics)","level":2,"score":0.41092273592948914},{"id":"https://openalex.org/C126255220","wikidata":"https://www.wikidata.org/wiki/Q141495","display_name":"Mathematical optimization","level":1,"score":0.34392231702804565},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3400322198867798},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.32500922679901123},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.31100863218307495},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.14750730991363525},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.11635604500770569},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.08084824681282043},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C78519656","wikidata":"https://www.wikidata.org/wiki/Q101333","display_name":"Mechanical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3690624.3709296","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3690624.3709296","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V.1","raw_type":"proceedings-article"},{"id":"pmh:oai:dr.ntu.edu.sg:10356/201654","is_oa":false,"landing_page_url":"https://hdl.handle.net/10356/201654","pdf_url":null,"source":{"id":"https://openalex.org/S4306402609","display_name":"DR-NTU (Nanyang Technological University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I172675005","host_organization_name":"Nanyang Technological University","host_organization_lineage":["https://openalex.org/I172675005"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":null,"raw_type":"Conference Paper"}],"best_oa_location":{"id":"doi:10.1145/3690624.3709296","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3690624.3709296","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V.1","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":49,"referenced_works":["https://openalex.org/W12634471","https://openalex.org/W569478347","https://openalex.org/W1773149199","https://openalex.org/W1977295328","https://openalex.org/W2047643928","https://openalex.org/W2070996757","https://openalex.org/W2108598243","https://openalex.org/W2138011018","https://openalex.org/W2155904486","https://openalex.org/W2533598788","https://openalex.org/W2606555609","https://openalex.org/W2611650229","https://openalex.org/W2747329762","https://openalex.org/W2774644650","https://openalex.org/W2806857275","https://openalex.org/W2904565150","https://openalex.org/W2911489562","https://openalex.org/W2946363484","https://openalex.org/W2962821226","https://openalex.org/W2962847335","https://openalex.org/W2963466845","https://openalex.org/W2964194231","https://openalex.org/W3101156210","https://openalex.org/W3104224589","https://openalex.org/W3104279398","https://openalex.org/W3198377975","https://openalex.org/W3198675127","https://openalex.org/W3200113267","https://openalex.org/W4225432580","https://openalex.org/W4283317927","https://openalex.org/W4296027312","https://openalex.org/W4312651322","https://openalex.org/W4312830051","https://openalex.org/W4365420523","https://openalex.org/W4380136652","https://openalex.org/W4383751383","https://openalex.org/W4386083049","https://openalex.org/W4387225987","https://openalex.org/W4389519269","https://openalex.org/W4390889737","https://openalex.org/W4401856725","https://openalex.org/W4402704529","https://openalex.org/W4402704568","https://openalex.org/W4402716028","https://openalex.org/W4402727297","https://openalex.org/W4402727671","https://openalex.org/W4402753786","https://openalex.org/W4404782283","https://openalex.org/W6600234944"],"related_works":["https://openalex.org/W2502115930","https://openalex.org/W2482350142","https://openalex.org/W4246396837","https://openalex.org/W3126451824","https://openalex.org/W1561927205","https://openalex.org/W3191453585","https://openalex.org/W4297672492","https://openalex.org/W4310988119","https://openalex.org/W4285226279","https://openalex.org/W4288019534"],"abstract_inverted_index":{"Contemporary":[0],"Vision-Language":[1],"Models":[2],"(VLMs)":[3],"such":[4],"as":[5,77],"CLIP":[6,52,91],"offer":[7],"an":[8,148],"attractive":[9],"zero-shot":[10,94],"classification":[11],"functionality":[12],"facilitated":[13],"by":[14,45,185],"large-scale":[15],"vision-language":[16],"pre-training.":[17],"However,":[18,63],"they":[19],"remain":[20],"vulnerable":[21],"to":[22],"adversarial":[23,95],"attacks,":[24],"a":[25],"critical":[26],"security":[27],"threat":[28],"in":[29,217],"realistic":[30],"deployment.":[31],"Adversarially":[32],"robust":[33,51],"fine-tuning":[34,46,92],"provides":[35],"generalizable":[36],"robustness":[37,83,96,129],"on":[38,55,67,200],"new":[39],"datasets":[40],"while":[41],"preserving":[42],"natural":[43],"performance":[44],"the":[47,60,68,82,102,145,163,170,186,195,198,205,209],"pre-trained":[48],"models.":[49],"Fine-tuning":[50],"typically":[53],"relies":[54],"adversaries":[56,174],"generated":[57],"solely":[58],"from":[59],"vision":[61,69],"branch.":[62],"this":[64],"singular":[65],"focus":[66],"modality,":[70],"coupled":[71],"with":[72,133,175],"static":[73],"text":[74,110,137],"prompts":[75],"used":[76],"fixed":[78],"category":[79],"prototypes,":[80],"limits":[81],"achieved":[84,184],"through":[85],"dual-modality":[86],"fine-tuning.":[87,219],"We":[88,159,193,203],"observe":[89],"for":[90],"that":[93,161],"improves":[97],"when":[98],"we":[99,142],"(i)":[100,144],"stabilize":[101,169],"modality":[103,171,212],"gap":[104,172,213],"(a":[105],"phenomenon":[106],"where":[107],"image":[108],"and":[109,117,136,153,168],"features":[111,152],"occupy":[112],"different":[113],"feature":[114],"space":[115],"regions)":[116],"(ii)":[118,154],"lower/stabilize":[119],"gradient":[120,191,215],"norms.":[121,192],"Both":[122],"these":[123],"steps":[124],"enjoy":[125],"further":[126],"improvement":[127],"of":[128,147,151,157,182,197,211],"if":[130],"one":[131],"fine-tunes":[132],"both":[134,140],"visual":[135],"adversaries.":[138],"For":[139],"modalities,":[141],"leverage":[143],"maximization":[146],"effective":[149,164],"rank":[150,165],"noise":[155,180],"modulation":[156,181],"features.":[158],"show":[160],"maximizing":[162],"helps":[166],"lower":[167],"over":[173],"varying":[176],"perturbation":[177],"radii.":[178],"The":[179],"features,":[183],"so-called":[187],"count":[188],"sketching,":[189],"lowers/stabilizes":[190],"outperform":[194],"state":[196],"art":[199],"15":[201],"datasets.":[202],"provide":[204],"first":[206],"insights":[207],"into":[208],"effects":[210],"&":[214],"norms":[216],"VLM":[218]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":2}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}