Summary of Stealthy Jailbreak Attacks on Large Language Models Via Benign Data Mirroring, by Honglin Mu et al.
Stealthy Jailbreak Attacks on Large Language Models via Benign Data Mirroring
by Honglin Mu, Han He, Yuxin Zhou, Yunlong Feng, Yang Xu, Libo Qin, Xiaoming Shi, Zeming Liu, Xudong Han, Qi Shi, Qingfu Zhu, Wanxiang Che
First submitted to arxiv on: 28 Oct 2024
Categories
- Main: Computation and Language (cs.CL)
- Secondary: Artificial Intelligence (cs.AI)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This research paper proposes an improved transfer attack method to enhance the stealthiness of large language model (LLM) safety attacks. The existing black-box jailbreak methods rely on model feedback, which may be detected by content moderators during the search process. The new approach guides malicious prompt construction by locally training a mirror model of the target LLM through benign data distillation. This method achieves a maximum attack success rate of 92% or a balanced value of 80% with an average of 1.5 detectable jailbreak queries per sample against GPT-3.5 Turbo on a subset of AdvBench. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary Large language model safety is important to prevent models from producing unwanted outputs. Researchers are working on methods to test and improve model security. One way to do this is by testing how well the model can resist being tricked into giving bad answers. The new method in this paper helps make it harder for content moderators to detect when a model is being attacked, making it more secure. |
Keywords
» Artificial intelligence » Distillation » Gpt » Large language model » Prompt
