Beyond Surface-Level Detection: Towards Cognitive-Driven Defense Against Jailbreak Attacks via Meta-Operations Reasoning

TL;DR

This paper introduces a cognitive-driven framework using meta-operations reasoning to improve the detection of unseen jailbreak prompts in large language models, surpassing traditional pattern-matching defenses.

Contribution

It proposes a novel structured reasoning approach with reinforcement learning to generalize defenses against diverse and unseen jailbreak strategies.

Findings

Achieves state-of-the-art defense performance.

Demonstrates strong generalization to unseen attacks.

Utilizes entropy-guided reinforcement learning for exploration.

Abstract

Defending large language models (LLMs) against jailbreak attacks is essential for their safe and reliable deployment. Existing defenses often rely on shallow pattern matching, which struggles to generalize to novel and unseen attack strategies. To address this challenge, we propose the Cognitive-Driven Defense (CDD) framework, which targets the underlying structure of jailbreak prompts by applying meta-operations, defined as basic manipulations that conceal harmful intent.CDD emulates human cognitive reasoning through a structured reasoning chain. It begins with a global perception of the prompt and follows with a localized analysis to uncover hidden manipulations. By applying supervised fine-tuning on this structured chain, the model learns to identify and reason about known manipulation patterns. To enhance generalization to unseen threats, an entropy-guided reinforcement learning algorithm (EG-GRPO) is introduced to encourage exploration of new types and variants of meta-operations. Experiments demonstrate that CDD can achieve state-of-the-art defense performance and exhibit strong generalization to unseen jailbreak attacks.