Summary of Defending Llms Against Jailbreaking Attacks Via Backtranslation, by Yihan Wang et al.
Defending LLMs against Jailbreaking Attacks via Backtranslation
by Yihan Wang, Zhouxing Shi, Andrew Bai, Cho-Jui Hsieh
First submitted to arxiv on: 26 Feb 2024
Categories
- Main: Computation and Language (cs.CL)
- Secondary: Artificial Intelligence (cs.AI)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper proposes a new method for defending large language models (LLMs) against jailbreaking attacks. Jailbreaking attacks involve rewriting the original prompt to conceal its harmful intent, which can still occur even when LLMs are trained to refuse such requests. The proposed defense uses “backtranslation” to detect and prevent these attacks. The approach involves generating an input prompt that can lead to a specific response from the target LLM, thereby revealing the actual intent of the original prompt. This is done by iteratively refining the backtranslated prompts until the LLM refuses them, indicating a harmful intent. The proposed defense provides several benefits in terms of effectiveness and efficiency and outperforms baselines in challenging scenarios while maintaining generation quality for benign input prompts. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper helps keep large language models safe from bad requests. It shows how attackers can still trick these models even if they’re trained to say no to harmful prompts. The researchers came up with a new way to stop this by “backtranslating” the model’s response. This means generating a prompt that leads to the same answer, which usually reveals what the attacker really wanted to say. If the model says no to the backtranslated prompt, it means the original prompt was bad too. The new method is better than others at catching these attacks and doesn’t ruin the model’s ability to respond well to good prompts. |
Keywords
» Artificial intelligence » Prompt
