Saved in:
Bibliographic Details
Main Authors: Jha, Piyush, Arora, Arnav, Ganesh, Vijay
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2411.08862
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912855101538304
author Jha, Piyush
Arora, Arnav
Ganesh, Vijay
author_facet Jha, Piyush
Arora, Arnav
Ganesh, Vijay
contents We introduce LLMStinger, a novel approach that leverages Large Language Models (LLMs) to automatically generate adversarial suffixes for jailbreak attacks. Unlike traditional methods, which require complex prompt engineering or white-box access, LLMStinger uses a reinforcement learning (RL) loop to fine-tune an attacker LLM, generating new suffixes based on existing attacks for harmful questions from the HarmBench benchmark. Our method significantly outperforms existing red-teaming approaches (we compared against 15 of the latest methods), achieving a +57.2% improvement in Attack Success Rate (ASR) on LLaMA2-7B-chat and a +50.3% ASR increase on Claude 2, both models known for their extensive safety measures. Additionally, we achieved a 94.97% ASR on GPT-3.5 and 99.4% on Gemma-2B-it, demonstrating the robustness and adaptability of LLMStinger across open and closed-source models.
format Preprint
id arxiv_https___arxiv_org_abs_2411_08862
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle LLMStinger: Jailbreaking LLMs using RL fine-tuned LLMs
Jha, Piyush
Arora, Arnav
Ganesh, Vijay
Machine Learning
Cryptography and Security
We introduce LLMStinger, a novel approach that leverages Large Language Models (LLMs) to automatically generate adversarial suffixes for jailbreak attacks. Unlike traditional methods, which require complex prompt engineering or white-box access, LLMStinger uses a reinforcement learning (RL) loop to fine-tune an attacker LLM, generating new suffixes based on existing attacks for harmful questions from the HarmBench benchmark. Our method significantly outperforms existing red-teaming approaches (we compared against 15 of the latest methods), achieving a +57.2% improvement in Attack Success Rate (ASR) on LLaMA2-7B-chat and a +50.3% ASR increase on Claude 2, both models known for their extensive safety measures. Additionally, we achieved a 94.97% ASR on GPT-3.5 and 99.4% on Gemma-2B-it, demonstrating the robustness and adaptability of LLMStinger across open and closed-source models.
title LLMStinger: Jailbreaking LLMs using RL fine-tuned LLMs
topic Machine Learning
Cryptography and Security
url https://arxiv.org/abs/2411.08862