{"id":"https://openalex.org/W7137840480","doi":"https://doi.org/10.48550/arxiv.2603.15259","title":"Directional Embedding Smoothing for Robust Vision Language Models","display_name":"Directional Embedding Smoothing for Robust Vision Language Models","publication_year":2026,"publication_date":"2026-03-16","ids":{"openalex":"https://openalex.org/W7137840480","doi":"https://doi.org/10.48550/arxiv.2603.15259"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.15259","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.15259","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.15259","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5129687308","display_name":"Ye Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Ye","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129694866","display_name":"Jing Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Jing","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5129719093","display_name":"Toshiaki Koike-Akino","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Koike-Akino, Toshiaki","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9287999868392944,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9287999868392944,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11714","display_name":"Multimodal Machine Learning Applications","score":0.015599999576807022,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.011800000444054604,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/smoothing","display_name":"Smoothing","score":0.6820999979972839},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.6320000290870667},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.5558000206947327},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.4887000024318695},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.4399000108242035},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.4372999966144562},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.40119999647140503}],"concepts":[{"id":"https://openalex.org/C3770464","wikidata":"https://www.wikidata.org/wiki/Q775963","display_name":"Smoothing","level":2,"score":0.6820999979972839},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6467999815940857},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.6320000290870667},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.5558000206947327},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.4887000024318695},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4544999897480011},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.4399000108242035},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.4372999966144562},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.40119999647140503},{"id":"https://openalex.org/C153701036","wikidata":"https://www.wikidata.org/wiki/Q659974","display_name":"Trustworthiness","level":2,"score":0.3971000015735626},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.34950000047683716},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.34869998693466187},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.3458999991416931},{"id":"https://openalex.org/C28490314","wikidata":"https://www.wikidata.org/wiki/Q189436","display_name":"Speech recognition","level":1,"score":0.33230000734329224},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.303600013256073},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2842999994754791},{"id":"https://openalex.org/C2780909371","wikidata":"https://www.wikidata.org/wiki/Q4801092","display_name":"Artificial noise","level":4,"score":0.2784000039100647},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2718000113964081},{"id":"https://openalex.org/C134121241","wikidata":"https://www.wikidata.org/wiki/Q899301","display_name":"Yield (engineering)","level":2,"score":0.2655999958515167},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.26249998807907104},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.2590000033378601}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.15259","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.15259","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.15259","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.15259","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"The":[0],"safety":[1,28],"and":[2,43,50],"reliability":[3],"of":[4,12,58,77,117],"vision-language":[5],"models":[6],"(VLMs)":[7],"are":[8],"a":[9,112],"crucial":[10],"part":[11],"deploying":[13],"trustworthy":[14],"agentic":[15,109],"AI":[16],"systems.":[17],"However,":[18],"VLMs":[19,49,107],"remain":[20],"vulnerable":[21],"to":[22,30,48,105],"jailbreaking":[23,60],"attacks":[24],"that":[25,64,101],"undermine":[26],"their":[27],"alignment":[29],"yield":[31],"harmful":[32],"outputs.":[33],"In":[34],"this":[35,74],"work,":[36],"we":[37],"extend":[38],"the":[39,55,87,93],"Randomized":[40],"Embedding":[41],"Smoothing":[42],"Token":[44],"Aggregation":[45],"(RESTA)":[46],"defense":[47,115],"evaluate":[51],"its":[52],"performance":[53],"against":[54],"JailBreakV-28K":[56],"benchmark":[57],"multi-modal":[59],"attacks.":[61],"We":[62],"find":[63],"RESTA":[65,102],"is":[66,90],"effective":[67],"in":[68,79],"reducing":[69],"attack":[70],"success":[71],"rate":[72],"over":[73],"diverse":[75],"corpus":[76],"attacks,":[78],"particular,":[80],"when":[81],"employing":[82],"directional":[83],"embedding":[84,96],"noise,":[85],"where":[86],"injected":[88],"noise":[89],"aligned":[91],"with":[92],"original":[94],"token":[95],"vectors.":[97],"Our":[98],"results":[99],"demonstrate":[100],"can":[103],"contribute":[104],"securing":[106],"within":[108],"systems,":[110],"as":[111],"lightweight,":[113],"inference-time":[114],"layer":[116],"an":[118],"overall":[119],"security":[120],"framework.":[121]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-03-18T00:00:00"}