Saved in:
Bibliographic Details
Main Authors: Li, Bangxin, Xing, Hengrui, Tian, Cong, Huang, Chao, Qian, Jin, Xiao, Huangqing, Feng, Linfeng
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2406.08754
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916618576068608
author Li, Bangxin
Xing, Hengrui
Tian, Cong
Huang, Chao
Qian, Jin
Xiao, Huangqing
Feng, Linfeng
author_facet Li, Bangxin
Xing, Hengrui
Tian, Cong
Huang, Chao
Qian, Jin
Xiao, Huangqing
Feng, Linfeng
contents Large Language Models (LLMs) are widely used in natural language processing but face the risk of jailbreak attacks that maliciously induce them to generate harmful content. Existing jailbreak attacks, including character-level and context-level attacks, mainly focus on the prompt of plain text without specifically exploring the significant influence of its structure. In this paper, we focus on studying how the prompt structure contributes to the jailbreak attack. We introduce a novel structure-level attack method based on long-tailed structures, which we refer to as Uncommon Text-Organization Structures (UTOS). We extensively study 12 UTOS templates and 6 obfuscation methods to build an effective automated jailbreak tool named StructuralSleight that contains three escalating attack strategies: Structural Attack, Structural and Character/Context Obfuscation Attack, and Fully Obfuscated Structural Attack. Extensive experiments on existing LLMs show that StructuralSleight significantly outperforms the baseline methods. In particular, the attack success rate reaches 94.62\% on GPT-4o, which has not been addressed by state-of-the-art techniques.
format Preprint
id arxiv_https___arxiv_org_abs_2406_08754
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle StructuralSleight: Automated Jailbreak Attacks on Large Language Models Utilizing Uncommon Text-Organization Structures
Li, Bangxin
Xing, Hengrui
Tian, Cong
Huang, Chao
Qian, Jin
Xiao, Huangqing
Feng, Linfeng
Computation and Language
Cryptography and Security
Large Language Models (LLMs) are widely used in natural language processing but face the risk of jailbreak attacks that maliciously induce them to generate harmful content. Existing jailbreak attacks, including character-level and context-level attacks, mainly focus on the prompt of plain text without specifically exploring the significant influence of its structure. In this paper, we focus on studying how the prompt structure contributes to the jailbreak attack. We introduce a novel structure-level attack method based on long-tailed structures, which we refer to as Uncommon Text-Organization Structures (UTOS). We extensively study 12 UTOS templates and 6 obfuscation methods to build an effective automated jailbreak tool named StructuralSleight that contains three escalating attack strategies: Structural Attack, Structural and Character/Context Obfuscation Attack, and Fully Obfuscated Structural Attack. Extensive experiments on existing LLMs show that StructuralSleight significantly outperforms the baseline methods. In particular, the attack success rate reaches 94.62\% on GPT-4o, which has not been addressed by state-of-the-art techniques.
title StructuralSleight: Automated Jailbreak Attacks on Large Language Models Utilizing Uncommon Text-Organization Structures
topic Computation and Language
Cryptography and Security
url https://arxiv.org/abs/2406.08754