Saved in:
Bibliographic Details
Main Authors: Dong, Xiaoning, Hu, Wenbo, Xu, Wei, He, Tianxing
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2412.15289
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866908669933780992
author Dong, Xiaoning
Hu, Wenbo
Xu, Wei
He, Tianxing
author_facet Dong, Xiaoning
Hu, Wenbo
Xu, Wei
He, Tianxing
contents Large language models (LLMs) have made significant advancements across various tasks, but their safety alignment remain a major concern. Exploring jailbreak prompts can expose LLMs' vulnerabilities and guide efforts to secure them. Existing methods primarily design sophisticated instructions for the LLM to follow, or rely on multiple iterations, which could hinder the performance and efficiency of jailbreaks. In this work, we propose a novel jailbreak paradigm, Simple Assistive Task Linkage (SATA), which can effectively circumvent LLM safeguards and elicit harmful responses. Specifically, SATA first masks harmful keywords within a malicious query to generate a relatively benign query containing one or multiple [MASK] special tokens. It then employs a simple assistive task such as a masked language model task or an element lookup by position task to encode the semantics of the masked keywords. Finally, SATA links the assistive task with the masked query to jointly perform the jailbreak. Extensive experiments show that SATA achieves state-of-the-art performance and outperforms baselines by a large margin. Specifically, on AdvBench dataset, with mask language model (MLM) assistive task, SATA achieves an overall attack success rate (ASR) of 85% and harmful score (HS) of 4.57, and with element lookup by position (ELP) assistive task, SATA attains an overall ASR of 76% and HS of 4.43.
format Preprint
id arxiv_https___arxiv_org_abs_2412_15289
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle SATA: A Paradigm for LLM Jailbreak via Simple Assistive Task Linkage
Dong, Xiaoning
Hu, Wenbo
Xu, Wei
He, Tianxing
Cryptography and Security
Artificial Intelligence
Computation and Language
Large language models (LLMs) have made significant advancements across various tasks, but their safety alignment remain a major concern. Exploring jailbreak prompts can expose LLMs' vulnerabilities and guide efforts to secure them. Existing methods primarily design sophisticated instructions for the LLM to follow, or rely on multiple iterations, which could hinder the performance and efficiency of jailbreaks. In this work, we propose a novel jailbreak paradigm, Simple Assistive Task Linkage (SATA), which can effectively circumvent LLM safeguards and elicit harmful responses. Specifically, SATA first masks harmful keywords within a malicious query to generate a relatively benign query containing one or multiple [MASK] special tokens. It then employs a simple assistive task such as a masked language model task or an element lookup by position task to encode the semantics of the masked keywords. Finally, SATA links the assistive task with the masked query to jointly perform the jailbreak. Extensive experiments show that SATA achieves state-of-the-art performance and outperforms baselines by a large margin. Specifically, on AdvBench dataset, with mask language model (MLM) assistive task, SATA achieves an overall attack success rate (ASR) of 85% and harmful score (HS) of 4.57, and with element lookup by position (ELP) assistive task, SATA attains an overall ASR of 76% and HS of 4.43.
title SATA: A Paradigm for LLM Jailbreak via Simple Assistive Task Linkage
topic Cryptography and Security
Artificial Intelligence
Computation and Language
url https://arxiv.org/abs/2412.15289