Saved in:
Bibliographic Details
Main Authors: Li, Xiangman, Wu, Xiaodong, Li, Qi, Ni, Jianbing, Lu, Rongxing
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2508.15182
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866912546390278144
author Li, Xiangman
Wu, Xiaodong
Li, Qi
Ni, Jianbing
Lu, Rongxing
author_facet Li, Xiangman
Wu, Xiaodong
Li, Qi
Ni, Jianbing
Lu, Rongxing
contents Jailbreak attacks pose a serious threat to the safety of Large Language Models (LLMs) by crafting adversarial prompts that bypass alignment mechanisms, causing the models to produce harmful, restricted, or biased content. In this paper, we propose SafeLLM, a novel unlearning-based defense framework that unlearn the harmful knowledge from LLMs while preserving linguistic fluency and general capabilities. SafeLLM employs a three-stage pipeline: (1) dynamic unsafe output detection using a hybrid approach that integrates external classifiers with model-internal evaluations; (2) token-level harmful content tracing through feedforward network (FFN) activations to localize harmful knowledge; and (3) constrained optimization to suppress unsafe behavior without degrading overall model quality. SafeLLM achieves targeted and irreversible forgetting by identifying and neutralizing FFN substructures responsible for harmful generation pathways. Extensive experiments on prominent LLMs (Vicuna, LLaMA, and GPT-J) across multiple jailbreak benchmarks show that SafeLLM substantially reduces attack success rates while maintaining high general-purpose performance. Compared to standard defense methods such as supervised fine-tuning and direct preference optimization, SafeLLM offers stronger safety guarantees, more precise control over harmful behavior, and greater robustness to unseen attacks. Moreover, SafeLLM maintains the general performance after the harmful knowledge unlearned. These results highlight unlearning as a promising direction for scalable and effective LLM safety.
format Preprint
id arxiv_https___arxiv_org_abs_2508_15182
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle SafeLLM: Unlearning Harmful Outputs from Large Language Models against Jailbreak Attacks
Li, Xiangman
Wu, Xiaodong
Li, Qi
Ni, Jianbing
Lu, Rongxing
Machine Learning
Jailbreak attacks pose a serious threat to the safety of Large Language Models (LLMs) by crafting adversarial prompts that bypass alignment mechanisms, causing the models to produce harmful, restricted, or biased content. In this paper, we propose SafeLLM, a novel unlearning-based defense framework that unlearn the harmful knowledge from LLMs while preserving linguistic fluency and general capabilities. SafeLLM employs a three-stage pipeline: (1) dynamic unsafe output detection using a hybrid approach that integrates external classifiers with model-internal evaluations; (2) token-level harmful content tracing through feedforward network (FFN) activations to localize harmful knowledge; and (3) constrained optimization to suppress unsafe behavior without degrading overall model quality. SafeLLM achieves targeted and irreversible forgetting by identifying and neutralizing FFN substructures responsible for harmful generation pathways. Extensive experiments on prominent LLMs (Vicuna, LLaMA, and GPT-J) across multiple jailbreak benchmarks show that SafeLLM substantially reduces attack success rates while maintaining high general-purpose performance. Compared to standard defense methods such as supervised fine-tuning and direct preference optimization, SafeLLM offers stronger safety guarantees, more precise control over harmful behavior, and greater robustness to unseen attacks. Moreover, SafeLLM maintains the general performance after the harmful knowledge unlearned. These results highlight unlearning as a promising direction for scalable and effective LLM safety.
title SafeLLM: Unlearning Harmful Outputs from Large Language Models against Jailbreak Attacks
topic Machine Learning
url https://arxiv.org/abs/2508.15182