Protecting Your LLMs with Information Bottleneck

TL;DR

This paper introduces IBProtector, a novel defense mechanism based on the information bottleneck principle, which compresses and perturbs prompts to protect large language models from harmful or jailbreaking attacks while maintaining response quality.

Contribution

The paper proposes IBProtector, a new, transferable defense method that effectively mitigates jailbreak attacks without modifying the underlying LLMs or significantly impacting performance.

Findings

IBProtector outperforms existing defenses against jailbreaks

It maintains response quality and inference speed

Effective across various attack types and models

Abstract

The advent of large language models (LLMs) has revolutionized the field of natural language processing, yet they might be attacked to produce harmful content. Despite efforts to ethically align LLMs, these are often fragile and can be circumvented by jailbreaking attacks through optimized or manual adversarial prompts. To address this, we introduce the Information Bottleneck Protector (IBProtector), a defense mechanism grounded in the information bottleneck principle, and we modify the objective to avoid trivial solutions. The IBProtector selectively compresses and perturbs prompts, facilitated by a lightweight and trainable extractor, preserving only essential information for the target LLMs to respond with the expected answer. Moreover, we further consider a situation where the gradient is not visible to be compatible with any LLM. Our empirical evaluations show that IBProtector outperforms current defense methods in mitigating jailbreak attempts, without overly affecting response quality or inference speed. Its effectiveness and adaptability across various attack methods and target LLMs underscore the potential of IBProtector as a novel, transferable defense that bolsters the security of LLMs without requiring modifications to the underlying models.