StruQ: Defending Against Prompt Injection with Structured Queries
Sizhe Chen, Julien Piet, Chawin Sitawarin, David Wagner
TL;DR
This paper presents StruQ, a novel approach using structured queries to defend against prompt injection attacks in LLMs by separating prompts and data, and introduces a fine-tuning method to enhance model security.
Contribution
The paper introduces structured queries and a training strategy to improve LLM resistance to prompt injection without sacrificing performance.
Findings
Significantly increased resistance to prompt injection attacks.
Minimal impact on model utility and output quality.
Effective separation of prompts and data enhances security.
Abstract
Recent advances in Large Language Models (LLMs) enable exciting LLM-integrated applications, which perform text-based tasks by utilizing their advanced language understanding capabilities. However, as LLMs have improved, so have the attacks against them. Prompt injection attacks are an important threat: they trick the model into deviating from the original application's instructions and instead follow user directives. These attacks rely on the LLM's ability to follow instructions and inability to separate prompts and user data. We introduce structured queries, a general approach to tackle this problem. Structured queries separate prompts and data into two channels. We implement a system that supports structured queries. This system is made of (1) a secure front-end that formats a prompt and user data into a special format, and (2) a specially trained LLM that can produce high-quality…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdvanced Database Systems and Queries · Cryptography and Data Security · Distributed systems and fault tolerance