Detecting Language Model Attacks with Perplexity


Abstract: A novel hack involving Large Language Models (LLMs) has emerged, exploiting adversarial suffixes to deceive models into generating perilous responses. Such jailbreaks can trick LLMs into providing intricate instructions to a malicious user for creating explosives, orchestrating a bank heist, or facilitating the creation of offensive content. By evaluating the perplexity of queries with adversarial suffixes using an open-source LLM (GPT-2), we found that they have exceedingly high perplexity values. As we explored a broad range of regular (non-adversarial) prompt varieties, we concluded that false positives are a significant challenge for plain perplexity filtering. A Light-GBM trained on perplexity and token length resolved the false positives and correctly detected most adversarial attacks in the test set.
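The perplexity computation and the two-feature extraction the abstract describes, as an added illustration that is not the paper's code: a toy add-one smoothed bigram model trained on a constructed set of ordinary prompts stands in for GPT-2, the gibberish suffix is constructed rather than a real adversarial suffix, and the Light-GBM stage is left as the (perplexity, token length) feature pair it would consume.

```python
import math
from collections import Counter, defaultdict

# Constructed corpus of ordinary prompts; stands in for the text GPT-2 learned from.
NORMAL_PROMPTS = [
    "write a short poem about the ocean",
    "explain how photosynthesis works to a ten year old",
    "summarize the plot of a detective novel in three sentences",
    "what is the capital of france and what is it known for",
    "give me a recipe for vegetable soup",
    "how do i sort a list of numbers in python",
    "write a polite email asking for a meeting next week",
]

def tokenize(text):
    # Whitespace word tokens; GPT-2 would use BPE tokens instead.
    return text.lower().split()

class BigramLM:
    """Add-one smoothed word-bigram model: a toy stand-in for GPT-2's next-token probabilities."""
    def __init__(self, corpus):
        self.bigrams = defaultdict(Counter)
        self.context_counts = Counter()
        vocab = set()
        for line in corpus:
            toks = ["<s>"] + tokenize(line)
            vocab.update(toks)
            for prev, cur in zip(toks, toks[1:]):
                self.bigrams[prev][cur] += 1
                self.context_counts[prev] += 1
        self.vocab_size = len(vocab) + 1  # +1 reserves probability mass for unseen words

    def log_prob(self, prev, cur):
        return math.log((self.bigrams[prev][cur] + 1) / (self.context_counts[prev] + self.vocab_size))

    def perplexity(self, text):
        # Perplexity = exp(mean negative log-likelihood per token); improbable text scores high.
        toks = ["<s>"] + tokenize(text)
        nll = -sum(self.log_prob(p, c) for p, c in zip(toks, toks[1:]))
        return math.exp(nll / max(1, len(toks) - 1))

def prompt_features(lm, text):
    """The two features the paper's classifier consumes: (perplexity, token length)."""
    return lm.perplexity(text), len(tokenize(text))

def perplexity_filter(lm, text, threshold):
    """Plain perplexity filtering: flag the prompt when its perplexity exceeds the threshold."""
    return lm.perplexity(text) > threshold

LM = BigramLM(NORMAL_PROMPTS)
# Constructed gibberish suffix (random symbols), not a real adversarial suffix.
GIBBERISH = "}} zq !! ;; vwx ]] ~~ kplr @@ (("
```

Appending the gibberish suffix raises perplexity well above that of the plain prompt, but a short benign prompt built from unseen words also scores high, which is the false-positive problem the abstract notes.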

Submission history

From: Gabriel Alon
[v1] Sun, 27 Aug 2023 15:20:06 UTC (3,688 KB)
[v2] Sun, 5 Nov 2023 22:25:37 UTC (14,764 KB)
[v3] Tue, 7 Nov 2023 03:30:15 UTC (13,839 KB)