Continuous Embedding Attacks via Clipped Inputs in Jailbreaking Large   Language Models

Zihao Xu; Yi Liu; Gelei Deng; Kailong Wang; Yuekang Li; Ling Shi,; Stjepan Picek

arXiv:2407.13796·cs.CR·July 22, 2024

Continuous Embedding Attacks via Clipped Inputs in Jailbreaking Large Language Models

Zihao Xu, Yi Liu, Gelei Deng, Kailong Wang, Yuekang Li, Ling Shi,, Stjepan Picek

PDF

Open Access 1 Repo

TL;DR

This paper uncovers a new vulnerability in large language models where continuous embedding manipulations can bypass security measures, and introduces CLIP, a strategy to improve attack success rates by preventing overfitting during iterative attacks.

Contribution

It presents a novel continuous embedding attack method on LLMs and proposes CLIP to enhance attack effectiveness by mitigating overfitting during iterative processes.

Findings

01

Embedding attacks significantly increase jailbreak success rates.

02

CLIP improves attack success rate from 62% to 83%.

03

Overfitting causes repetitive outputs in iterative attacks.

Abstract

Security concerns for large language models (LLMs) have recently escalated, focusing on thwarting jailbreaking attempts in discrete prompts. However, the exploration of jailbreak vulnerabilities arising from continuous embeddings has been limited, as prior approaches primarily involved appending discrete or continuous suffixes to inputs. Our study presents a novel channel for conducting direct attacks on LLM inputs, eliminating the need for suffix addition or specific questions provided that the desired output is predefined. We additionally observe that extensive iterations often lead to overfitting, characterized by repetition in the output. To counteract this, we propose a simple yet effective strategy named CLIP. Our experiments show that for an input length of 40 at iteration 1000, applying CLIP improves the ASR from 62% to 83%

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Code & Models

Repositories

ltroin/Clip1
pytorchOfficial

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsAdversarial Robustness in Machine Learning · Topic Modeling · Hate Speech and Cyberbullying Detection

MethodsContrastive Language-Image Pre-training