Robustness of Large Language Models Against Adversarial Attacks

TL;DR

This paper evaluates the robustness of GPT large language models against character-level and jailbreak prompt adversarial attacks, revealing significant vulnerabilities and emphasizing the need for improved safety measures.

Contribution

It provides a comprehensive assessment of GPT models' robustness using novel attack methods and highlights their varying vulnerabilities, guiding future improvements in adversarial defenses.

Findings

Models show significant vulnerability to character-level attacks.

Safety mechanisms are challenged by jailbreak prompts.

Robustness varies across different GPT models.

Abstract

The increasing deployment of Large Language Models (LLMs) in various applications necessitates a rigorous evaluation of their robustness against adversarial attacks. In this paper, we present a comprehensive study on the robustness of GPT LLM family. We employ two distinct evaluation methods to assess their resilience. The first method introduce character-level text attack in input prompts, testing the models on three sentiment classification datasets: StanfordNLP/IMDB, Yelp Reviews, and SST-2. The second method involves using jailbreak prompts to challenge the safety mechanisms of the LLMs. Our experiments reveal significant variations in the robustness of these models, demonstrating their varying degrees of vulnerability to both character-level and semantic-level adversarial attacks. These findings underscore the necessity for improved adversarial training and enhanced safety mechanisms to bolster the robustness of LLMs.