GUARD-SLM: Token Activation-Based Defense Against Jailbreak Attacks for Small Language Models
Md Jueal Mia, Joaquin Molto, Yanzhao Wu, and M. Hadi Amini
TL;DR
This paper introduces GUARD-SLM, a lightweight token activation-based defense mechanism that enhances the robustness of small language models against jailbreak attacks by analyzing internal representations.
Contribution
It provides a comprehensive empirical study of jailbreak vulnerabilities and proposes a novel filtering method based on token activation patterns to improve security.
Findings
SLMs are highly vulnerable to jailbreak prompts despite safety measures.
Internal representations differ for malicious and benign inputs across model layers.
GUARD-SLM effectively filters malicious prompts while maintaining benign performance.
Abstract
Small Language Models (SLMs) are emerging as efficient and economically viable alternatives to Large Language Models (LLMs), offering competitive performance with significantly lower computational costs and latency. These advantages make SLMs suitable for resource-constrained and efficient deployment on edge devices. However, existing jailbreak defenses show limited robustness against heterogeneous attacks, largely due to an incomplete understanding of the internal representations across different layers of language models that facilitate jailbreak behaviors. In this paper, we conduct a comprehensive empirical study on 9 jailbreak attacks across 7 SLMs and 3 LLMs. Our analysis shows that SLMs remain highly vulnerable to malicious prompts that bypass safety alignment. We analyze hidden-layer activations across different layers and model architectures, revealing that different input types…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.