Saved in:
Bibliographic Details
Main Authors: Dong, Jianshuo, Zhang, Ziyuan, Zhang, Qingjie, Zhang, Tianwei, Wang, Hao, Li, Hewu, Li, Qi, Zhang, Chao, Xu, Ke, Qiu, Han
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2412.19394
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916611394371584
author Dong, Jianshuo
Zhang, Ziyuan
Zhang, Qingjie
Zhang, Tianwei
Wang, Hao
Li, Hewu
Li, Qi
Zhang, Chao
Xu, Ke
Qiu, Han
author_facet Dong, Jianshuo
Zhang, Ziyuan
Zhang, Qingjie
Zhang, Tianwei
Wang, Hao
Li, Hewu
Li, Qi
Zhang, Chao
Xu, Ke
Qiu, Han
contents Auto-regressive large language models (LLMs) have yielded impressive performance in many real-world tasks. However, the new paradigm of these LLMs also exposes novel threats. In this paper, we explore their vulnerability to inference cost attacks, where a malicious user crafts Engorgio prompts to intentionally increase the computation cost and latency of the inference process. We design Engorgio, a novel methodology, to efficiently generate adversarial Engorgio prompts to affect the target LLM's service availability. Engorgio has the following two technical contributions. (1) We employ a parameterized distribution to track LLMs' prediction trajectory. (2) Targeting the auto-regressive nature of LLMs' inference process, we propose novel loss functions to stably suppress the appearance of the <EOS> token, whose occurrence will interrupt the LLM's generation process. We conduct extensive experiments on 13 open-sourced LLMs with parameters ranging from 125M to 30B. The results show that Engorgio prompts can successfully induce LLMs to generate abnormally long outputs (i.e., roughly 2-13$\times$ longer to reach 90%+ of the output length limit) in a white-box scenario and our real-world experiment demonstrates Engergio's threat to LLM service with limited computing resources. The code is released at: https://github.com/jianshuod/Engorgio-prompt.
format Preprint
id arxiv_https___arxiv_org_abs_2412_19394
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle An Engorgio Prompt Makes Large Language Model Babble on
Dong, Jianshuo
Zhang, Ziyuan
Zhang, Qingjie
Zhang, Tianwei
Wang, Hao
Li, Hewu
Li, Qi
Zhang, Chao
Xu, Ke
Qiu, Han
Cryptography and Security
Artificial Intelligence
Auto-regressive large language models (LLMs) have yielded impressive performance in many real-world tasks. However, the new paradigm of these LLMs also exposes novel threats. In this paper, we explore their vulnerability to inference cost attacks, where a malicious user crafts Engorgio prompts to intentionally increase the computation cost and latency of the inference process. We design Engorgio, a novel methodology, to efficiently generate adversarial Engorgio prompts to affect the target LLM's service availability. Engorgio has the following two technical contributions. (1) We employ a parameterized distribution to track LLMs' prediction trajectory. (2) Targeting the auto-regressive nature of LLMs' inference process, we propose novel loss functions to stably suppress the appearance of the <EOS> token, whose occurrence will interrupt the LLM's generation process. We conduct extensive experiments on 13 open-sourced LLMs with parameters ranging from 125M to 30B. The results show that Engorgio prompts can successfully induce LLMs to generate abnormally long outputs (i.e., roughly 2-13$\times$ longer to reach 90%+ of the output length limit) in a white-box scenario and our real-world experiment demonstrates Engergio's threat to LLM service with limited computing resources. The code is released at: https://github.com/jianshuod/Engorgio-prompt.
title An Engorgio Prompt Makes Large Language Model Babble on
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2412.19394