Saved in:
Bibliographic Details
Main Authors: Li, Yu, Jiang, Han, Wei, Zhihua
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2504.13562
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916696170692608
author Li, Yu
Jiang, Han
Wei, Zhihua
author_facet Li, Yu
Jiang, Han
Wei, Zhihua
contents With the widespread adoption of Large Language Models (LLMs), jailbreak attacks have become an increasingly pressing safety concern. While safety-aligned LLMs can effectively defend against normal harmful queries, they remain vulnerable to such attacks. Existing defense methods primarily rely on fine-tuning or input modification, which often suffer from limited generalization and reduced utility. To address this, we introduce DETAM, a finetuning-free defense approach that improves the defensive capabilities against jailbreak attacks of LLMs via targeted attention modification. Specifically, we analyze the differences in attention scores between successful and unsuccessful defenses to identify the attention heads sensitive to jailbreak attacks. During inference, we reallocate attention to emphasize the user's core intention, minimizing interference from attack tokens. Our experimental results demonstrate that DETAM outperforms various baselines in jailbreak defense and exhibits robust generalization across different attacks and models, maintaining its effectiveness even on in-the-wild jailbreak data. Furthermore, in evaluating the model's utility, we incorporated over-defense datasets, which further validate the superior performance of our approach. The code will be released immediately upon acceptance.
format Preprint
id arxiv_https___arxiv_org_abs_2504_13562
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle DETAM: Defending LLMs Against Jailbreak Attacks via Targeted Attention Modification
Li, Yu
Jiang, Han
Wei, Zhihua
Computation and Language
With the widespread adoption of Large Language Models (LLMs), jailbreak attacks have become an increasingly pressing safety concern. While safety-aligned LLMs can effectively defend against normal harmful queries, they remain vulnerable to such attacks. Existing defense methods primarily rely on fine-tuning or input modification, which often suffer from limited generalization and reduced utility. To address this, we introduce DETAM, a finetuning-free defense approach that improves the defensive capabilities against jailbreak attacks of LLMs via targeted attention modification. Specifically, we analyze the differences in attention scores between successful and unsuccessful defenses to identify the attention heads sensitive to jailbreak attacks. During inference, we reallocate attention to emphasize the user's core intention, minimizing interference from attack tokens. Our experimental results demonstrate that DETAM outperforms various baselines in jailbreak defense and exhibits robust generalization across different attacks and models, maintaining its effectiveness even on in-the-wild jailbreak data. Furthermore, in evaluating the model's utility, we incorporated over-defense datasets, which further validate the superior performance of our approach. The code will be released immediately upon acceptance.
title DETAM: Defending LLMs Against Jailbreak Attacks via Targeted Attention Modification
topic Computation and Language
url https://arxiv.org/abs/2504.13562