Smoothed Embeddings for Robust Language Models
Ryo Hase, Md Rafi Ur Rashid, Ashley Lewis, Jing Liu, Toshiaki Koike-Akino, Kieran Parsons, Ye Wang

TL;DR
This paper introduces RESTA, a novel defense method for large language models that enhances robustness against adversarial attacks by adding noise to embeddings and aggregating tokens, improving safety without sacrificing utility.
Contribution
RESTA is a new defense technique that applies randomized smoothing and token aggregation to improve LLM robustness against jailbreaking attacks.
Findings
RESTA outperforms baseline defenses in robustness-utility tradeoffs.
The method effectively preserves semantic information during generation.
Experiments show increased resistance to adversarial inputs.
Abstract
Improving the safety and reliability of large language models (LLMs) is a crucial aspect of realizing trustworthy AI systems. Although alignment methods aim to suppress harmful content generation, LLMs are often still vulnerable to jailbreaking attacks that employ adversarial inputs that subvert alignment and induce harmful outputs. We propose the Randomized Embedding Smoothing and Token Aggregation (RESTA) defense, which adds random noise to the embedding vectors and performs aggregation during the generation of each output token, with the aim of better preserving semantic information. Our experiments demonstrate that our approach achieves superior robustness versus utility tradeoffs compared to the baseline defenses.
Taxonomy
Topics: Natural Language Processing Techniques · Topic Modeling
