Poison Sample Detection and Trigger Retrieval in Multimodal VLMs - ICIP2025 Grand Challenge
This grand challenge is supported by National Intelligence and Security Discovery Research Grants (project# NS220100007), funded by the Department of Defence Australia.
Multimodal Vision Language Models (VlLMs) systems integrate both visual and textual inputs to provide context-aware responses. These models are rapidly becoming foundational tools across domains like autonomous vehicles, defense systems, medical imaging, and assistive technologies.
However, their deployment introduces a significant threat surface for backdoor attacks β subtle, malicious manipulations of training data that embed hidden triggers. When activated, these triggers can force the model to output incorrect or adversarial responses. Such vulnerabilities raise concerns about trust, transparency, and safety in AI systems.
The ICIP 2025 Grand Challenge seeks to address this problem head-on by inviting the research community to develop methods for detecting poisoned samples and retrieving hidden triggers in multimodal VLMs.
π― Challenge Overview
This challenge is structured around three core VLM tasks, each with three independently backdoor-injected models (9 total models):
- π·οΈ Object Identification
- π¨ Threat Detection
- π’ Object Counting
Participants will analyze an image dataset that includes both clean and poisoned samples. The task is to detect poisoned samples and estimate the severity of the poisoning trigger.
Securing multimodal VLMs is more than a technical problem β itβs a societal necessity, with implications ranging from public safety to the ethical deployment of AI in the real world!
Participants must submit:
- The completed βICIP25_poison_sample_detection_results.csvβ results file
- A 4-page paper (ICIP format) detailing methods and results
π§ͺ Evaluation Criteria:
- Detection Accuracy (40%): Poisoned vs. clean
- Severity Classification (40%):
- Weak (hard) β 10%
- Moderate (medium) β 15%
- Strong (easy) β 15%
- Paper Quality (20%): Clarity, methodology, and insight
Submissions are reviewed via double-blind review by at least two reviewers.
π Timeline
| Milestone | Date |
|---|---|
| π Dataset Release | April 23, 2025 |
| π Registration Deadline | May 14, 2025 |
| π€ Paper Submission | May 28, 2025 |
| β Acceptance Notification | June 25, 2025 |
| π Final Paper Due | July 2, 2025 |
| π Winner Notification | July 2, 2025 |
| π€ ICIP | September 2025 |
π Rules
- Eligibility: Open to all research, academic, and industry participants
- Submissions: Manuscript (4 pages) + CSV results file
- Dataset Use: Only the provided dataset is permitted
- Evaluation: Two-stage scoring (accuracy + severity)
- Ethics: No plagiarism; original work only
- Team Submissions: Allowed; list all team members
- Deadlines: No late or revised submissions
- Disqualification: For any rule violations
π₯ Organizers
- Jordan Vice β University of Western Australia
jordan.vice@uwa.edu.au - Ajmal Mian β University of Western Australia
ajmal.mian@uwa.edu.au - Richard Hartley β Australian National University
- Naveed Akhtar β University of Melbourne
Contact
For questions or clarifications, contact:
π§ jordan.vice@uwa.edu.au
Dataset Information
- π¦ Total Images: 38,124
- π§ͺ Data Composition: A mix of clean and poisoned samples
- π Image Labeling: Unique IDs only (no descriptive metadata)
- π Results File Format (.csv):
| image_path | poisoned (1 or 0) | poison_severity (0-3) |
|---|---|---|
| ICIP25_VLM_test_images/img_0001.jpg | 1 | 3 |
| ICIP25_VLM_test_images/img_0002.jpg | 0 | 0 |
π₯ Results Template
The results template file can be found at βICIP25_poison_sample_detection_results.csvβ