FlexLLM: Exploring LLM Customization for Moving Target Defense on Black-Box LLMs Against Jailbreak Attacks
| Published in: | arXiv.org (Dec 10, 2024), p. n/a |
|---|---|
| Main author: | Chen, Bocheng |
| Other authors: | Guo, Hanqing; Qiben Yan |
| Publication: | Cornell University Library, arXiv.org |
| Subjects: | Application programming interface; Prompt engineering; Black boxes; Large language models; Defense; Moving targets |
| Online access: | Citation/Abstract; Full text outside of ProQuest (http://arxiv.org/abs/2412.07672) |
MARC
| Tag | Ind1 | Ind2 | Content |
|---|---|---|---|
| LEADER | | | 00000nab a2200000uu 4500 |
| 001 | | | 3143054177 |
| 003 | | | UK-CbPIL |
| 022 | | | $a 2331-8422 |
| 035 | | | $a 3143054177 |
| 045 | 0 | | $b d20241210 |
| 100 | 1 | | $a Chen, Bocheng |
| 245 | 1 | | $a FlexLLM: Exploring LLM Customization for Moving Target Defense on Black-Box LLMs Against Jailbreak Attacks |
| 260 | | | $b Cornell University Library, arXiv.org $c Dec 10, 2024 |
| 513 | | | $a Working Paper |
| 520 | 3 | | $a Defense in large language models (LLMs) is crucial to counter the numerous attackers exploiting these systems to generate harmful content through manipulated prompts, known as jailbreak attacks. Although many defense strategies have been proposed, they often require access to the model's internal structure or need additional training, which is impractical for service providers using LLM APIs, such as OpenAI APIs or Claude APIs. In this paper, we propose a moving target defense approach that alters decoding hyperparameters to enhance model robustness against various jailbreak attacks. Our approach does not require access to the model's internal structure and incurs no additional training costs. The proposed defense includes two key components: (1) optimizing the decoding strategy by identifying and adjusting decoding hyperparameters that influence token generation probabilities, and (2) transforming the decoding hyperparameters and model system prompts into dynamic targets, which are continuously altered during each runtime. By continuously modifying decoding strategies and prompts, the defense effectively mitigates the existing attacks. Our results demonstrate that our defense is the most effective against jailbreak attacks in three of the models tested when using LLMs as black-box APIs. Moreover, our defense offers lower inference costs and maintains comparable response quality, making it a potential layer of protection when used alongside other defense methods. |
| 653 | | | $a Application programming interface |
| 653 | | | $a Prompt engineering |
| 653 | | | $a Black boxes |
| 653 | | | $a Large language models |
| 653 | | | $a Defense |
| 653 | | | $a Moving targets |
| 700 | 1 | | $a Guo, Hanqing |
| 700 | 1 | | $a Qiben Yan |
| 773 | 0 | | $t arXiv.org $g (Dec 10, 2024), p. n/a |
| 786 | 0 | | $d ProQuest $t Engineering Database |
| 856 | 4 | 1 | $3 Citation/Abstract $u https://www.proquest.com/docview/3143054177/abstract/embedded/ZKJTFFSVAI7CB62C?source=fedsrch |
| 856 | 4 | 0 | $3 Full text outside of ProQuest $u http://arxiv.org/abs/2412.07672 |