ExplainableGuard: Interpretable Adversarial Defense for Large Language Models Using Chain-of-Thought Reasoning

TL;DR

ExplainableGuard is a novel framework that uses chain-of-thought reasoning to detect, neutralize, and explain adversarial attacks on large language models, enhancing transparency and trustworthiness.

Contribution

It introduces an interpretable adversarial defense method leveraging chain-of-thought reasoning, providing step-by-step explanations and improved trust in LLM security.

Findings

Effective detection and neutralization of adversarial attacks.

Human evaluations favor ExplainableGuard's explanations.

Promising results on GLUE and IMDB datasets.

Abstract

Large Language Models (LLMs) are increasingly vulnerable to adversarial attacks that can subtly manipulate their outputs. While various defense mechanisms have been proposed, many operate as black boxes, lacking transparency in their decision-making. This paper introduces ExplainableGuard, an interpretable adversarial defense framework leveraging the chain-of-thought (CoT) reasoning capabilities of DeepSeek-Reasoner. Our approach not only detects and neutralizes adversarial perturbations in text but also provides step-by-step explanations for each defense action. We demonstrate how tailored CoT prompts guide the LLM to perform a multi-faceted analysis (character, word, structural, and semantic) and generate a purified output along with a human-readable justification. Preliminary results on the GLUE Benchmark and IMDB Movie Reviews dataset show promising defense efficacy. Additionally, a human evaluation study reveals that ExplainableGuard's explanations outperform ablated variants in clarity, specificity, and actionability, with a 72.5% deployability-trust rating, underscoring its potential for more trustworthy LLM deployments.