Saved in:
Bibliographic Details
Main Authors: Yung, Canaan, Dolatabadi, Hadi Mohaghegh, Erfani, Sarah, Leckie, Christopher
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2402.13517
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909597192683520
author Yung, Canaan
Dolatabadi, Hadi Mohaghegh
Erfani, Sarah
Leckie, Christopher
author_facet Yung, Canaan
Dolatabadi, Hadi Mohaghegh
Erfani, Sarah
Leckie, Christopher
contents Large language models (LLMs) are susceptible to social-engineered attacks that are human-interpretable but require a high level of comprehension for LLMs to counteract. Existing defensive measures can only mitigate less than half of these attacks at most. To address this issue, we propose the Round Trip Translation (RTT) method, the first algorithm specifically designed to defend against social-engineered attacks on LLMs. RTT paraphrases the adversarial prompt and generalizes the idea conveyed, making it easier for LLMs to detect induced harmful behavior. This method is versatile, lightweight, and transferrable to different LLMs. Our defense successfully mitigated over 70% of Prompt Automatic Iterative Refinement (PAIR) attacks, which is currently the most effective defense to the best of our knowledge. We are also the first to attempt mitigating the MathsAttack and reduced its attack success rate by almost 40%. Our code is publicly available at https://github.com/Cancanxxx/Round_Trip_Translation_Defence This version of the article has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: https://doi.org/10.48550/arXiv.2402.13517 Use of this Accepted Version is subject to the publisher's Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-manuscript-terms
format Preprint
id arxiv_https___arxiv_org_abs_2402_13517
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Round Trip Translation Defence against Large Language Model Jailbreaking Attacks
Yung, Canaan
Dolatabadi, Hadi Mohaghegh
Erfani, Sarah
Leckie, Christopher
Computation and Language
Artificial Intelligence
Large language models (LLMs) are susceptible to social-engineered attacks that are human-interpretable but require a high level of comprehension for LLMs to counteract. Existing defensive measures can only mitigate less than half of these attacks at most. To address this issue, we propose the Round Trip Translation (RTT) method, the first algorithm specifically designed to defend against social-engineered attacks on LLMs. RTT paraphrases the adversarial prompt and generalizes the idea conveyed, making it easier for LLMs to detect induced harmful behavior. This method is versatile, lightweight, and transferrable to different LLMs. Our defense successfully mitigated over 70% of Prompt Automatic Iterative Refinement (PAIR) attacks, which is currently the most effective defense to the best of our knowledge. We are also the first to attempt mitigating the MathsAttack and reduced its attack success rate by almost 40%. Our code is publicly available at https://github.com/Cancanxxx/Round_Trip_Translation_Defence This version of the article has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: https://doi.org/10.48550/arXiv.2402.13517 Use of this Accepted Version is subject to the publisher's Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-manuscript-terms
title Round Trip Translation Defence against Large Language Model Jailbreaking Attacks
topic Computation and Language
Artificial Intelligence
url https://arxiv.org/abs/2402.13517