Robustness of Prompting: Enhancing Robustness of Large Language Models Against Prompting Attacks

TL;DR

This paper introduces RoP, a novel prompting strategy that enhances the robustness of large language models against input perturbations by using error correction and guidance stages, significantly improving performance on various reasoning tasks.

Contribution

The paper proposes RoP, a new prompting method with error correction and guidance stages, explicitly designed to improve LLM robustness against adversarial input perturbations.

Findings

RoP significantly improves robustness against adversarial perturbations.

RoP maintains high accuracy with minimal degradation on clean inputs.

Experiments show effectiveness across arithmetic, commonsense, and logical reasoning tasks.

Abstract

Large Language Models (LLMs) have demonstrated remarkable performance across various tasks by effectively utilizing a prompting strategy. However, they are highly sensitive to input perturbations, such as typographical errors or slight character order errors, which can substantially degrade their performance. Despite advances in prompting techniques, developing a prompting strategy that explicitly mitigates the negative impact of such perturbations remains an open challenge. To bridge this gap, we propose Robustness of Prompting (RoP), a novel prompting strategy specifically designed to enhance the robustness of LLMs. RoP consists of two stages: Error Correction and Guidance. In the Error Correction stage, RoP applies diverse perturbation methods to generate adversarial examples, which are then used to construct prompts that automatically correct input errors. In the Guidance stage, RoP generates an optimal guidance prompting based on the corrected input, steering the model toward more robust and accurate inferences. Through comprehensive experiments spanning arithmetic, commonsense, and logical reasoning tasks, we demonstrate that RoP significantly improves LLMs' robustness against adversarial perturbations. Notably, it maintains model accuracy with only minimal degradation compared to clean input scenarios, thereby establishing RoP as a practical and effective approach for enhancing LLM robustness in real-world applications.