Saved in:
Bibliographic Details
Main Authors: Hu, Jiaming, Wang, Haoyu, Mukherjee, Debarghya, Paschalidis, Ioannis Ch.
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2508.14128
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909744292167680
author Hu, Jiaming
Wang, Haoyu
Mukherjee, Debarghya
Paschalidis, Ioannis Ch.
author_facet Hu, Jiaming
Wang, Haoyu
Mukherjee, Debarghya
Paschalidis, Ioannis Ch.
contents Jailbreak attacks pose a serious challenge to the safe deployment of large language models (LLMs). We introduce CCFC (Core & Core-Full-Core), a dual-track, prompt-level defense framework designed to mitigate LLMs' vulnerabilities from prompt injection and structure-aware jailbreak attacks. CCFC operates by first isolating the semantic core of a user query via few-shot prompting, and then evaluating the query using two complementary tracks: a core-only track to ignore adversarial distractions (e.g., toxic suffixes or prefix injections), and a core-full-core (CFC) track to disrupt the structural patterns exploited by gradient-based or edit-based attacks. The final response is selected based on a safety consistency check across both tracks, ensuring robustness without compromising on response quality. We demonstrate that CCFC cuts attack success rates by 50-75% versus state-of-the-art defenses against strong adversaries (e.g., DeepInception, GCG), without sacrificing fidelity on benign queries. Our method consistently outperforms state-of-the-art prompt-level defenses, offering a practical and effective solution for safer LLM deployment.
format Preprint
id arxiv_https___arxiv_org_abs_2508_14128
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle CCFC: Core & Core-Full-Core Dual-Track Defense for LLM Jailbreak Protection
Hu, Jiaming
Wang, Haoyu
Mukherjee, Debarghya
Paschalidis, Ioannis Ch.
Cryptography and Security
Artificial Intelligence
Jailbreak attacks pose a serious challenge to the safe deployment of large language models (LLMs). We introduce CCFC (Core & Core-Full-Core), a dual-track, prompt-level defense framework designed to mitigate LLMs' vulnerabilities from prompt injection and structure-aware jailbreak attacks. CCFC operates by first isolating the semantic core of a user query via few-shot prompting, and then evaluating the query using two complementary tracks: a core-only track to ignore adversarial distractions (e.g., toxic suffixes or prefix injections), and a core-full-core (CFC) track to disrupt the structural patterns exploited by gradient-based or edit-based attacks. The final response is selected based on a safety consistency check across both tracks, ensuring robustness without compromising on response quality. We demonstrate that CCFC cuts attack success rates by 50-75% versus state-of-the-art defenses against strong adversaries (e.g., DeepInception, GCG), without sacrificing fidelity on benign queries. Our method consistently outperforms state-of-the-art prompt-level defenses, offering a practical and effective solution for safer LLM deployment.
title CCFC: Core & Core-Full-Core Dual-Track Defense for LLM Jailbreak Protection
topic Cryptography and Security
Artificial Intelligence
url https://arxiv.org/abs/2508.14128