GUARD: Role-playing to Generate Natural-language Jailbreakings to Test Guideline Adherence of Large Language Models

📄 arXiv: 2402.03299v6 📥 PDF

作者: Haibo Jin, Ruoxi Chen, Peiyan Zhang, Andy Zhou, Haohan Wang

分类: cs.LG, cs.CL, cs.CV

发布日期: 2024-02-05 (更新: 2025-11-07)

备注: 28 papges


💡 一句话要点

提出GUARD系统以生成自然语言越狱测试大型语言模型的合规性

🎯 匹配领域: 支柱九:具身大模型 (Embodied Foundation Models)

关键词: 大型语言模型 越狱生成 角色扮演 知识图谱 安全性测试 合规性验证 多模态应用

📋 核心要点

  1. 现有方法在生成越狱以测试大型语言模型的合规性方面效率低下,难以满足实际需求。
  2. 本文提出的GUARD系统通过角色扮演的方式,利用知识图谱生成新的越狱,模拟人类生成过程。
  3. 实验结果表明,GUARD在多种LLMs上有效诱导不合规响应,验证了其在安全性测试中的应用潜力。

📝 摘要(中文)

随着越狱技术的发现,能够绕过大型语言模型(LLMs)安全过滤器并产生有害响应,促使社区实施安全措施。本文提出了一种新颖的角色扮演系统,通过为用户LLMs分配四种不同角色,协作生成越狱。我们收集现有越狱并利用聚类频率和语义模式将其分割成独立特征,构建知识图谱以便于检索。GUARD系统利用该知识图谱生成新的越狱,已在多种前沿开源LLMs和商业LLMs上验证其有效性,并扩展到视觉语言模型,展示了其多样性和对安全可靠LLM应用开发的贡献。

🔬 方法详解

问题定义:本文旨在解决如何高效生成越狱以测试大型语言模型(LLMs)合规性的问题。现有方法往往缺乏系统性和效率,难以满足大规模测试的需求。

核心思路:GUARD系统通过角色扮演的方式,分配不同角色给用户LLMs,使其协作生成越狱。这种方法模仿人类生成越狱的过程,提升了生成的多样性和有效性。

技术框架:GUARD的整体架构包括角色分配模块、知识图谱构建模块和越狱生成模块。首先,收集现有越狱并进行特征聚类,构建知识图谱;然后,利用该图谱生成新的越狱。

关键创新:GUARD的主要创新在于角色扮演机制和知识图谱的结合,显著提高了越狱生成的效率和质量。这一方法与传统的单一生成方式有本质区别。

关键设计:在设计中,采用了聚类算法对越狱特征进行分析,并通过语义模式提取关键特征。此外,系统自动遵循政府发布的指南生成越狱,以测试LLMs的合规性。

🖼️ 关键图片

fig_0
fig_1
fig_2

📊 实验亮点

在实验中,GUARD系统在Vicuna-13B、LongChat-7B、Llama-2-7B和ChatGPT等多种LLMs上验证了其有效性,成功诱导不合规响应,显示出较传统方法显著的性能提升,具体提升幅度未知。

🎯 应用场景

GUARD系统的潜在应用领域包括大型语言模型的安全性测试、合规性验证以及对抗性生成研究。其实际价值在于为开发更安全、可靠的LLM应用提供了有效工具,未来可能推动相关领域的标准化和规范化进程。

📄 摘要(原文)

The discovery of "jailbreaks" to bypass safety filters of Large Language Models (LLMs) and harmful responses have encouraged the community to implement safety measures. One major safety measure is to proactively test the LLMs with jailbreaks prior to the release. Therefore, such testing will require a method that can generate jailbreaks massively and efficiently. In this paper, we follow a novel yet intuitive strategy to generate jailbreaks in the style of the human generation. We propose a role-playing system that assigns four different roles to the user LLMs to collaborate on new jailbreaks. Furthermore, we collect existing jailbreaks and split them into different independent characteristics using clustering frequency and semantic patterns sentence by sentence. We organize these characteristics into a knowledge graph, making them more accessible and easier to retrieve. Our system of different roles will leverage this knowledge graph to generate new jailbreaks, which have proved effective in inducing LLMs to generate unethical or guideline-violating responses. In addition, we also pioneer a setting in our system that will automatically follow the government-issued guidelines to generate jailbreaks to test whether LLMs follow the guidelines accordingly. We refer to our system as GUARD (Guideline Upholding through Adaptive Role-play Diagnostics). We have empirically validated the effectiveness of GUARD on three cutting-edge open-sourced LLMs (Vicuna-13B, LongChat-7B, and Llama-2-7B), as well as a widely-utilized commercial LLM (ChatGPT). Moreover, our work extends to the realm of vision language models (MiniGPT-v2 and Gemini Vision Pro), showcasing GUARD's versatility and contributing valuable insights for the development of safer, more reliable LLM-based applications across diverse modalities.