SecReEvalBench: A Multi-turned Security Resilience Evaluation Benchmark for Large Language Models

TL;DR

SecReEvalBench is a comprehensive benchmark designed to evaluate large language models' resilience against multi-turn, intent-driven adversarial prompts across various security domains, revealing their strengths and vulnerabilities.

Contribution

The paper introduces a novel multi-turned security resilience benchmark with new metrics, diverse attack sequences, and a specialized dataset for evaluating LLM security in real-world scenarios.

Findings

Identified vulnerabilities of current LLMs to multi-turn adversarial prompts.

Provided a systematic evaluation of five state-of-the-art LLMs' security resilience.

Published a publicly available dataset for future research in LLM security.

Abstract

The increasing deployment of large language models in security-sensitive domains necessitates rigorous evaluation of their resilience against adversarial prompt-based attacks. While previous benchmarks have focused on security evaluations with limited and predefined attack domains, such as cybersecurity attacks, they often lack a comprehensive assessment of intent-driven adversarial prompts and the consideration of real-life scenario-based multi-turn attacks. To address this gap, we present SecReEvalBench, the Security Resilience Evaluation Benchmark, which defines four novel metrics: Prompt Attack Resilience Score, Prompt Attack Refusal Logic Score, Chain-Based Attack Resilience Score and Chain-Based Attack Rejection Time Score. Moreover, SecReEvalBench employs six questioning sequences for model assessment: one-off attack, successive attack, successive reverse attack, alternative attack, sequential ascending attack with escalating threat levels and sequential descending attack with diminishing threat levels. In addition, we introduce a dataset customized for the benchmark, which incorporates both neutral and malicious prompts, categorised across seven security domains and sixteen attack techniques. In applying this benchmark, we systematically evaluate five state-of-the-art open-weighted large language models, Llama 3.1, Gemma 2, Mistral v0.3, DeepSeek-R1 and Qwen 3. Our findings offer critical insights into the strengths and weaknesses of modern large language models in defending against evolving adversarial threats. The SecReEvalBench dataset is publicly available at https://kaggle.com/datasets/5a7ee22cf9dab6c93b55a73f630f6c9b42e936351b0ae98fbae6ddaca7fe248d, which provides a groundwork for advancing research in large language model security.