Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Preprint |
| Published: |
2025
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2508.14128 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866909744292167680 |
|---|---|
| author | Hu, Jiaming Wang, Haoyu Mukherjee, Debarghya Paschalidis, Ioannis Ch. |
| author_facet | Hu, Jiaming Wang, Haoyu Mukherjee, Debarghya Paschalidis, Ioannis Ch. |
| contents | Jailbreak attacks pose a serious challenge to the safe deployment of large language models (LLMs). We introduce CCFC (Core & Core-Full-Core), a dual-track, prompt-level defense framework designed to mitigate LLMs' vulnerabilities from prompt injection and structure-aware jailbreak attacks. CCFC operates by first isolating the semantic core of a user query via few-shot prompting, and then evaluating the query using two complementary tracks: a core-only track to ignore adversarial distractions (e.g., toxic suffixes or prefix injections), and a core-full-core (CFC) track to disrupt the structural patterns exploited by gradient-based or edit-based attacks. The final response is selected based on a safety consistency check across both tracks, ensuring robustness without compromising on response quality. We demonstrate that CCFC cuts attack success rates by 50-75% versus state-of-the-art defenses against strong adversaries (e.g., DeepInception, GCG), without sacrificing fidelity on benign queries. Our method consistently outperforms state-of-the-art prompt-level defenses, offering a practical and effective solution for safer LLM deployment. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2508_14128 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | CCFC: Core & Core-Full-Core Dual-Track Defense for LLM Jailbreak Protection Hu, Jiaming Wang, Haoyu Mukherjee, Debarghya Paschalidis, Ioannis Ch. Cryptography and Security Artificial Intelligence Jailbreak attacks pose a serious challenge to the safe deployment of large language models (LLMs). We introduce CCFC (Core & Core-Full-Core), a dual-track, prompt-level defense framework designed to mitigate LLMs' vulnerabilities from prompt injection and structure-aware jailbreak attacks. CCFC operates by first isolating the semantic core of a user query via few-shot prompting, and then evaluating the query using two complementary tracks: a core-only track to ignore adversarial distractions (e.g., toxic suffixes or prefix injections), and a core-full-core (CFC) track to disrupt the structural patterns exploited by gradient-based or edit-based attacks. The final response is selected based on a safety consistency check across both tracks, ensuring robustness without compromising on response quality. We demonstrate that CCFC cuts attack success rates by 50-75% versus state-of-the-art defenses against strong adversaries (e.g., DeepInception, GCG), without sacrificing fidelity on benign queries. Our method consistently outperforms state-of-the-art prompt-level defenses, offering a practical and effective solution for safer LLM deployment. |
| title | CCFC: Core & Core-Full-Core Dual-Track Defense for LLM Jailbreak Protection |
| topic | Cryptography and Security Artificial Intelligence |
| url | https://arxiv.org/abs/2508.14128 |