Guardado en:
Detalles Bibliográficos
Autores principales: Wang, Zezhong, Yang, Fangkai, Wang, Lu, Zhao, Pu, Wang, Hongru, Chen, Liang, Lin, Qingwei, Wong, Kam-Fai
Formato: Preprint
Publicado: 2023
Materias:
Acceso en línea:https://arxiv.org/abs/2310.15851
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866914724411604992
author Wang, Zezhong
Yang, Fangkai
Wang, Lu
Zhao, Pu
Wang, Hongru
Chen, Liang
Lin, Qingwei
Wong, Kam-Fai
author_facet Wang, Zezhong
Yang, Fangkai
Wang, Lu
Zhao, Pu
Wang, Hongru
Chen, Liang
Lin, Qingwei
Wong, Kam-Fai
contents The jailbreak attack can bypass the safety measures of a Large Language Model (LLM), generating harmful content. This misuse of LLM has led to negative societal consequences. Currently, there are two main approaches to address jailbreak attacks: safety training and safeguards. Safety training focuses on further training LLM to enhance its safety. On the other hand, safeguards involve implementing external models or filters to prevent harmful outputs. However, safety training has constraints in its ability to adapt to new attack types and often leads to a drop in model performance. Safeguards have proven to be of limited help. To tackle these issues, we propose a novel approach called Self-Guard, which combines the strengths of both safety methods. Self-Guard includes two stages. In the first stage, we enhance the model's ability to assess harmful content, and in the second stage, we instruct the model to consistently perform harmful content detection on its own responses. The experiment has demonstrated that Self-Guard is robust against jailbreak attacks. In the bad case analysis, we find that LLM occasionally provides harmless responses to harmful queries. Additionally, we evaluated the general capabilities of the LLM before and after safety training, providing evidence that Self-Guard does not result in the LLM's performance degradation. In sensitivity tests, Self-Guard not only avoids inducing over-sensitivity in LLM but also can even mitigate this issue.
format Preprint
id arxiv_https___arxiv_org_abs_2310_15851
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Self-Guard: Empower the LLM to Safeguard Itself
Wang, Zezhong
Yang, Fangkai
Wang, Lu
Zhao, Pu
Wang, Hongru
Chen, Liang
Lin, Qingwei
Wong, Kam-Fai
Computation and Language
The jailbreak attack can bypass the safety measures of a Large Language Model (LLM), generating harmful content. This misuse of LLM has led to negative societal consequences. Currently, there are two main approaches to address jailbreak attacks: safety training and safeguards. Safety training focuses on further training LLM to enhance its safety. On the other hand, safeguards involve implementing external models or filters to prevent harmful outputs. However, safety training has constraints in its ability to adapt to new attack types and often leads to a drop in model performance. Safeguards have proven to be of limited help. To tackle these issues, we propose a novel approach called Self-Guard, which combines the strengths of both safety methods. Self-Guard includes two stages. In the first stage, we enhance the model's ability to assess harmful content, and in the second stage, we instruct the model to consistently perform harmful content detection on its own responses. The experiment has demonstrated that Self-Guard is robust against jailbreak attacks. In the bad case analysis, we find that LLM occasionally provides harmless responses to harmful queries. Additionally, we evaluated the general capabilities of the LLM before and after safety training, providing evidence that Self-Guard does not result in the LLM's performance degradation. In sensitivity tests, Self-Guard not only avoids inducing over-sensitivity in LLM but also can even mitigate this issue.
title Self-Guard: Empower the LLM to Safeguard Itself
topic Computation and Language
url https://arxiv.org/abs/2310.15851