AdaPPA: Adaptive Position Pre-Fill Jailbreak Attack Approach Targeting LLMs

Lijia Lv, Weigang Zhang, Xuehai Tang, Jie Wen, Feng Liu, Jizhong Han, Songlin Hu
{"title":"AdaPPA: Adaptive Position Pre-Fill Jailbreak Attack Approach Targeting LLMs","authors":"Lijia Lv, Weigang Zhang, Xuehai Tang, Jie Wen, Feng Liu, Jizhong Han, Songlin Hu","doi":"arxiv-2409.07503","DOIUrl":null,"url":null,"abstract":"Jailbreak vulnerabilities in Large Language Models (LLMs) refer to methods\nthat extract malicious content from the model by carefully crafting prompts or\nsuffixes, which has garnered significant attention from the research community.\nHowever, traditional attack methods, which primarily focus on the semantic\nlevel, are easily detected by the model. These methods overlook the difference\nin the model's alignment protection capabilities at different output stages. To\naddress this issue, we propose an adaptive position pre-fill jailbreak attack\napproach for executing jailbreak attacks on LLMs. Our method leverages the\nmodel's instruction-following capabilities to first output pre-filled safe\ncontent, then exploits its narrative-shifting abilities to generate harmful\ncontent. Extensive black-box experiments demonstrate our method can improve the\nattack success rate by 47% on the widely recognized secure model (Llama2)\ncompared to existing approaches. Our code can be found at:\nhttps://github.com/Yummy416/AdaPPA.","PeriodicalId":501332,"journal":{"name":"arXiv - CS - Cryptography and Security","volume":"15 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Cryptography and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.07503","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Jailbreak vulnerabilities in Large Language Models (LLMs) refer to methods that extract malicious content from the model by carefully crafting prompts or suffixes, which has garnered significant attention from the research community. However, traditional attack methods, which primarily focus on the semantic level, are easily detected by the model. These methods overlook the difference in the model's alignment protection capabilities at different output stages. To address this issue, we propose an adaptive position pre-fill jailbreak attack approach for executing jailbreak attacks on LLMs. Our method leverages the model's instruction-following capabilities to first output pre-filled safe content, then exploits its narrative-shifting abilities to generate harmful content. Extensive black-box experiments demonstrate our method can improve the attack success rate by 47% on the widely recognized secure model (Llama2) compared to existing approaches. Our code can be found at: https://github.com/Yummy416/AdaPPA.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
AdaPPA:针对 LLM 的自适应位置预填充越狱攻击方法
大型语言模型(LLM)中的越狱漏洞是指通过精心设计提示语或后缀从模型中提取恶意内容的方法,这已引起了研究界的极大关注。然而,传统的攻击方法主要集中在语义层,很容易被模型检测到。这些方法忽略了模型在不同输出阶段的对齐保护能力差异。为了解决这个问题,我们提出了一种自适应位置预填充越狱攻击方法,用于对 LLM 执行越狱攻击。我们的方法利用模型的指令跟随能力,首先输出预填充的安全内容,然后利用其叙事转换能力生成有害内容。广泛的黑盒实验证明,与现有方法相比,我们的方法可以将公认的安全模型(Llama2)的攻击成功率提高 47%。我们的代码见:https://github.com/Yummy416/AdaPPA。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
PAD-FT: A Lightweight Defense for Backdoor Attacks via Data Purification and Fine-Tuning Artemis: Efficient Commit-and-Prove SNARKs for zkML A Survey-Based Quantitative Analysis of Stress Factors and Their Impacts Among Cybersecurity Professionals Log2graphs: An Unsupervised Framework for Log Anomaly Detection with Efficient Feature Extraction Practical Investigation on the Distinguishability of Longa's Atomic Patterns
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1