Defend LLMs Through Self-Consciousness
Boshi Huang, Fabio Nonato de Paula

TL;DR
This paper presents a self-consciousness framework for LLMs that uses their reasoning abilities to autonomously defend against prompt injection attacks, improving security without external classifiers.
Contribution
It introduces a novel self-consciousness mechanism with Meta-Cognitive and Arbitration Modules enabling LLMs to self-regulate and defend against prompt injections.
Findings
Significant increase in defense success rates across seven LLMs.
Some models achieved perfect defense in Enhanced Mode.
Trade-off identified between defense effectiveness and computational overhead.
Abstract
This paper introduces a novel self-consciousness defense mechanism for Large Language Models (LLMs) to combat prompt injection attacks. Unlike traditional approaches that rely on external classifiers, our method leverages the LLM's inherent reasoning capabilities to perform self-protection. We propose a framework that incorporates Meta-Cognitive and Arbitration Modules, enabling LLMs to evaluate and regulate their own outputs autonomously. Our approach is evaluated on seven state-of-the-art LLMs using two datasets: AdvBench and Prompt-Injection-Mixed-Techniques-2024. Experiment results demonstrate significant improvements in defense success rates across models and datasets, with some achieving perfect and near-perfect defense in Enhanced Mode. We also analyze the trade-off between defense success rate improvement and computational overhead. This self-consciousness method offers a…
Taxonomy
Topics: Wikis in Education and Collaboration · Law, AI, and Intellectual Property
