Chain of Attack: a Semantic-Driven Contextual Multi-Turn attacker for LLM

TL;DR

The paper introduces CoA, a semantic-driven multi-turn attack method that exploits contextual cues to reveal vulnerabilities in large language models, highlighting security and ethical concerns in dialogue systems.

Contribution

It presents a novel multi-turn attack approach that adaptively leverages context and semantics to effectively challenge LLMs, outperforming existing methods.

Findings

CoA successfully exposes vulnerabilities in various LLMs.

It outperforms existing attack methods in effectiveness.

The method highlights security and ethical risks in dialogue systems.

Abstract

Large language models (LLMs) have achieved remarkable performance in various natural language processing tasks, especially in dialogue systems. However, LLM may also pose security and moral threats, especially in multi round conversations where large models are more easily guided by contextual content, resulting in harmful or biased responses. In this paper, we present a novel method to attack LLMs in multi-turn dialogues, called CoA (Chain of Attack). CoA is a semantic-driven contextual multi-turn attack method that adaptively adjusts the attack policy through contextual feedback and semantic relevance during multi-turn of dialogue with a large model, resulting in the model producing unreasonable or harmful content. We evaluate CoA on different LLMs and datasets, and show that it can effectively expose the vulnerabilities of LLMs, and outperform existing attack methods. Our work provides a new perspective and tool for attacking and defending LLMs, and contributes to the security and ethical assessment of dialogue systems.