TL;DR
This paper introduces the Self-Degraded Defense (SDD) framework, a novel method to protect large language models from malicious fine-tuning by degrading their harmful instruction-following capabilities while maintaining response quality.
Contribution
The paper provides a theoretical analysis of malicious fine-tuning and proposes SDD, a new defense mechanism that reduces LLMs' ability to follow harmful instructions after attack.
Findings
SDD effectively reduces LLMs' ability to follow harmful instructions.
Experimental results show SDD maintains response quality while defending against attacks.
Theoretical analysis explains why malicious fine-tuning succeeds and how SDD counters it.
Abstract
Open-source Large Language Models (LLMs) often employ safety alignment methods to resist harmful instructions. However, recent research shows that maliciously fine-tuning these LLMs on harmful data can easily bypass these safeguards. To counter this, we theoretically uncover why malicious fine-tuning succeeds and identify potential defense strategies. Building on the theoretical analysis, we introduce the Self-Degraded Defense (SDD) framework. SDD encourages LLMs to produce high-quality but irrelevant responses to harmful prompts. When attackers attempt malicious fine-tuning, the general capability of the LLM aligned by SDD will significantly decrease, rendering it incapable of following harmful instructions. Our experimental results confirm SDD's effectiveness against such attacks.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
