Enhancing Adversarial Attacks through Chain of Thought

TL;DR

This paper introduces a novel adversarial attack method on large language models by combining chain of thought prompts with gradient techniques, significantly improving attack transferability and robustness.

Contribution

It proposes the CoT-GCG approach, integrating chain of thought prompts with gradient-based attacks to enhance adversarial transferability against aligned LLMs.

Findings

CoT-GCG outperforms baseline GCG and CoT prompting in attack success.

Using CoT triggers stimulates reasoning, improving attack transferability.

The approach provides better risk assessment of harmful interactions.

Abstract

Large language models (LLMs) have demonstrated impressive performance across various domains but remain susceptible to safety concerns. Prior research indicates that gradient-based adversarial attacks are particularly effective against aligned LLMs and the chain of thought (CoT) prompting can elicit desired answers through step-by-step reasoning. This paper proposes enhancing the robustness of adversarial attacks on aligned LLMs by integrating CoT prompts with the greedy coordinate gradient (GCG) technique. Using CoT triggers instead of affirmative targets stimulates the reasoning abilities of backend LLMs, thereby improving the transferability and universality of adversarial attacks. We conducted an ablation study comparing our CoT-GCG approach with Amazon Web Services auto-cot. Results revealed our approach outperformed both the baseline GCG attack and CoT prompting. Additionally, we used Llama Guard to evaluate potentially harmful interactions, providing a more objective risk assessment of entire conversations compared to matching outputs to rejection phrases. The code of this paper is available at https://github.com/sujingbo0217/CS222W24-LLM-Attack.