Saved in:
Bibliographic Details
Main Authors: Xie, Yueqi, Fang, Minghong, Pi, Renjie, Gong, Neil
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2402.13494
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911893451440128
author Xie, Yueqi
Fang, Minghong
Pi, Renjie
Gong, Neil
author_facet Xie, Yueqi
Fang, Minghong
Pi, Renjie
Gong, Neil
contents Large Language Models (LLMs) face threats from jailbreak prompts. Existing methods for detecting jailbreak prompts are primarily online moderation APIs or finetuned LLMs. These strategies, however, often require extensive and resource-intensive data collection and training processes. In this study, we propose GradSafe, which effectively detects jailbreak prompts by scrutinizing the gradients of safety-critical parameters in LLMs. Our method is grounded in a pivotal observation: the gradients of an LLM's loss for jailbreak prompts paired with compliance response exhibit similar patterns on certain safety-critical parameters. In contrast, safe prompts lead to different gradient patterns. Building on this observation, GradSafe analyzes the gradients from prompts (paired with compliance responses) to accurately detect jailbreak prompts. We show that GradSafe, applied to Llama-2 without further training, outperforms Llama Guard, despite its extensive finetuning with a large dataset, in detecting jailbreak prompts. This superior performance is consistent across both zero-shot and adaptation scenarios, as evidenced by our evaluations on ToxicChat and XSTest. The source code is available at https://github.com/xyq7/GradSafe.
format Preprint
id arxiv_https___arxiv_org_abs_2402_13494
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle GradSafe: Detecting Jailbreak Prompts for LLMs via Safety-Critical Gradient Analysis
Xie, Yueqi
Fang, Minghong
Pi, Renjie
Gong, Neil
Computation and Language
Cryptography and Security
Large Language Models (LLMs) face threats from jailbreak prompts. Existing methods for detecting jailbreak prompts are primarily online moderation APIs or finetuned LLMs. These strategies, however, often require extensive and resource-intensive data collection and training processes. In this study, we propose GradSafe, which effectively detects jailbreak prompts by scrutinizing the gradients of safety-critical parameters in LLMs. Our method is grounded in a pivotal observation: the gradients of an LLM's loss for jailbreak prompts paired with compliance response exhibit similar patterns on certain safety-critical parameters. In contrast, safe prompts lead to different gradient patterns. Building on this observation, GradSafe analyzes the gradients from prompts (paired with compliance responses) to accurately detect jailbreak prompts. We show that GradSafe, applied to Llama-2 without further training, outperforms Llama Guard, despite its extensive finetuning with a large dataset, in detecting jailbreak prompts. This superior performance is consistent across both zero-shot and adaptation scenarios, as evidenced by our evaluations on ToxicChat and XSTest. The source code is available at https://github.com/xyq7/GradSafe.
title GradSafe: Detecting Jailbreak Prompts for LLMs via Safety-Critical Gradient Analysis
topic Computation and Language
Cryptography and Security
url https://arxiv.org/abs/2402.13494