Layer-Level Self-Exposure and Patch: Affirmative Token Mitigation for Jailbreak Attack Defense
Yang Ouyang, Hengrui Gu, Shuhang Lin, Wenyue Hua, Jie Peng, Bhavya, Kailkhura, Meijun Gao, Tianlong Chen, Kaixiong Zhou
TL;DR
This paper presents Layer-AdvPatcher, a novel defense method that unlearns specific vulnerable layers in large language models to reduce jailbreak attack success rates while maintaining response utility.
Contribution
It introduces a self-augmented unlearning strategy targeting layer vulnerabilities to mitigate jailbreak attacks in LLMs, a novel approach in safety defense.
Findings
Reduces jailbreak success rate significantly
Maintains model utility on benign queries
Effective across multiple models and datasets
Abstract
As large language models (LLMs) are increasingly deployed in diverse applications, including chatbot assistants and code generation, aligning their behavior with safety and ethical standards has become paramount. However, jailbreak attacks, which exploit vulnerabilities to elicit unintended or harmful outputs, threaten LLMs' safety significantly. In this paper, we introduce Layer-AdvPatcher, a novel methodology designed to defend against jailbreak attacks by utilizing an unlearning strategy to patch specific layers within LLMs through self-augmented datasets. Our insight is that certain layer(s), tend to produce affirmative tokens when faced with harmful prompts. By identifying these layers and adversarially exposing them to generate more harmful data, one can understand their inherent and diverse vulnerabilities to attacks. With these exposures, we then "unlearn" these issues, reducing…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
Taxonomy
TopicsPhysical Unclonable Functions (PUFs) and Hardware Security · Adversarial Robustness in Machine Learning · Cryptographic Implementations and Security