Attack and defense techniques in large language models: A survey and new perspectives

TL;DR

This survey reviews attack and defense techniques for large language models, highlighting current methods, challenges, open problems, and future directions for enhancing their security and robustness.

Contribution

It provides a comprehensive classification of attack and defense strategies in LLMs and discusses open challenges and future research directions.

Findings

Adversarial prompt and optimized attacks pose significant threats.

Defense strategies include prevention and detection methods.

Challenges include adapting to evolving threats and resource constraints.

Abstract

Large Language Models (LLMs) have become central to numerous natural language processing tasks, but their vulnerabilities present significant security and ethical challenges. This systematic survey explores the evolving landscape of attack and defense techniques in LLMs. We classify attacks into adversarial prompt attack, optimized attacks, model theft, as well as attacks on application of LLMs, detailing their mechanisms and implications. Consequently, we analyze defense strategies, including prevention-based and detection-based defense methods. Although advances have been made, challenges remain to adapt to the dynamic threat landscape, balance usability with robustness, and address resource constraints in defense implementation. We highlight open problems, including the need for adaptive scalable defenses, explainable security techniques, and standardized evaluation frameworks. This survey provides actionable insights and directions for developing secure and resilient LLMs, emphasizing the importance of interdisciplinary collaboration and ethical considerations to mitigate risks in real-world applications.