tf攻击：针对大型语言模型的可转移且快速的对抗性攻击

IF 7.6 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE Knowledge-Based Systems Pub Date : 2025-03-15 Epub Date: 2025-02-07 DOI:10.1016/j.knosys.2025.113117

Zelin Li , Kehai Chen , Lemao Liu , Xuefeng Bai , Mingming Yang , Yang Xiang , Min Zhang

{"title":"tf攻击：针对大型语言模型的可转移且快速的对抗性攻击","authors":"Zelin Li , Kehai Chen , Lemao Liu , Xuefeng Bai , Mingming Yang , Yang Xiang , Min Zhang","doi":"10.1016/j.knosys.2025.113117","DOIUrl":null,"url":null,"abstract":"<div><div>With the great advancements in large language models (LLMs), <em>adversarial attacks</em> against LLMs have recently attracted increasing attention. We found that pre-existing adversarial attack methodologies exhibit limited transferability and are notably inefficient, particularly when applied to LLMs. In this paper, we analyze the core mechanisms of previous predominant adversarial attack methods, revealing that (1) the distributions of importance score differ markedly among victim models, restricting the transferability; (2) the sequential attack processes induces substantial time overheads. Based on the above two insights, we introduce a new scheme, named <span>TF-Attack</span>, for <strong>T</strong>ransferable and <strong>F</strong>ast adversarial attacks on LLMs. <span>TF-Attack</span> employs an external LLM as a third-party overseer rather than the victim model to identify critical units within sentences. Moreover, <span>TF-Attack</span> introduces the concept of <em>Importance Level</em>, which allows for parallel substitutions of attacks. We conduct extensive experiments on 6 widely adopted benchmarks, evaluating the proposed method through both automatic and human metrics. Results show that our method consistently surpasses previous methods in transferability and delivers significant speed improvements, up to 10<span><math><mo>×</mo></math></span> faster than earlier attack strategies.</div></div>","PeriodicalId":49939,"journal":{"name":"Knowledge-Based Systems","volume":"312 ","pages":"Article 113117"},"PeriodicalIF":7.6000,"publicationDate":"2025-03-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"TF-Attack: Transferable and fast adversarial attacks on large language models\",\"authors\":\"Zelin Li , Kehai Chen , Lemao Liu , Xuefeng Bai , Mingming Yang , Yang Xiang , Min Zhang\",\"doi\":\"10.1016/j.knosys.2025.113117\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><div>With the great advancements in large language models (LLMs), <em>adversarial attacks</em> against LLMs have recently attracted increasing attention. We found that pre-existing adversarial attack methodologies exhibit limited transferability and are notably inefficient, particularly when applied to LLMs. In this paper, we analyze the core mechanisms of previous predominant adversarial attack methods, revealing that (1) the distributions of importance score differ markedly among victim models, restricting the transferability; (2) the sequential attack processes induces substantial time overheads. Based on the above two insights, we introduce a new scheme, named <span>TF-Attack</span>, for <strong>T</strong>ransferable and <strong>F</strong>ast adversarial attacks on LLMs. <span>TF-Attack</span> employs an external LLM as a third-party overseer rather than the victim model to identify critical units within sentences. Moreover, <span>TF-Attack</span> introduces the concept of <em>Importance Level</em>, which allows for parallel substitutions of attacks. We conduct extensive experiments on 6 widely adopted benchmarks, evaluating the proposed method through both automatic and human metrics. Results show that our method consistently surpasses previous methods in transferability and delivers significant speed improvements, up to 10<span><math><mo>×</mo></math></span> faster than earlier attack strategies.</div></div>\",\"PeriodicalId\":49939,\"journal\":{\"name\":\"Knowledge-Based Systems\",\"volume\":\"312 \",\"pages\":\"Article 113117\"},\"PeriodicalIF\":7.6000,\"publicationDate\":\"2025-03-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Knowledge-Based Systems\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S0950705125001649\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"2025/2/7 0:00:00\",\"PubModel\":\"Epub\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Knowledge-Based Systems","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0950705125001649","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/2/7 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

摘要

随着大型语言模型（llm）的巨大进步，针对llm的对抗性攻击最近引起了越来越多的关注。我们发现，已有的对抗性攻击方法表现出有限的可转移性，并且效率低下，特别是在应用于llm时。本文分析了以往主要的对抗性攻击方法的核心机制，发现：(1)不同受害者模型的重要性得分分布差异显著，限制了可转移性；(2)顺序攻击过程导致大量的时间开销。基于上述两个见解，我们引入了一种新的方案，称为tf攻击，用于对llm进行可转移和快速对抗性攻击。TF-Attack使用外部LLM作为第三方监督者，而不是受害者模型来识别句子中的关键单元。此外，tf攻击引入了重要性级别的概念，允许并行替换攻击。我们在6个广泛采用的基准上进行了广泛的实验，通过自动和人为指标来评估所提出的方法。结果表明，我们的方法在可转移性方面始终优于以前的方法，并提供了显着的速度改进，比早期的攻击策略快10倍。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

TF-Attack: Transferable and fast adversarial attacks on large language models

With the great advancements in large language models (LLMs), adversarial attacks against LLMs have recently attracted increasing attention. We found that pre-existing adversarial attack methodologies exhibit limited transferability and are notably inefficient, particularly when applied to LLMs. In this paper, we analyze the core mechanisms of previous predominant adversarial attack methods, revealing that (1) the distributions of importance score differ markedly among victim models, restricting the transferability; (2) the sequential attack processes induces substantial time overheads. Based on the above two insights, we introduce a new scheme, named TF-Attack, for Transferable and Fast adversarial attacks on LLMs. TF-Attack employs an external LLM as a third-party overseer rather than the victim model to identify critical units within sentences. Moreover, TF-Attack introduces the concept of Importance Level, which allows for parallel substitutions of attacks. We conduct extensive experiments on 6 widely adopted benchmarks, evaluating the proposed method through both automatic and human metrics. Results show that our method consistently surpasses previous methods in transferability and delivers significant speed improvements, up to 10

\times

faster than earlier attack strategies.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Knowledge-Based Systems 工程技术-计算机：人工智能

CiteScore

14.80

自引率

12.50%

发文量

1245

审稿时长

7.8 months

期刊介绍： Knowledge-Based Systems, an international and interdisciplinary journal in artificial intelligence, publishes original, innovative, and creative research results in the field. It focuses on knowledge-based and other artificial intelligence techniques-based systems. The journal aims to support human prediction and decision-making through data science and computation techniques, provide a balanced coverage of theory and practical study, and encourage the development and implementation of knowledge-based intelligence models, methods, systems, and software tools. Applications in business, government, education, engineering, and healthcare are emphasized.