pith. sign in

arxiv: 2407.03234 · v3 · pith:4Y72YSCYnew · submitted 2024-07-03 · 💻 cs.LG · cs.CL· cs.CR

Self-Evaluation as a Defense Against Adversarial Attacks on LLMs

classification 💻 cs.LG cs.CLcs.CR
keywords attacksllmsmethodadversarialattackdefensemethodsmodel
0
0 comments X
read the original abstract

We introduce a defense against adversarial attacks on LLMs utilizing self-evaluation. Our method requires no model fine-tuning, instead using pre-trained models to evaluate the inputs and outputs of a generator model, significantly reducing the cost of implementation in comparison to other, finetuning-based methods. Our method can significantly reduce the attack success rate of attacks on both open and closed-source LLMs, beyond the reductions demonstrated by Llama-Guard2 and commonly used content moderation APIs. We present an analysis of the effectiveness of our method, including attempts to attack the evaluator in various settings, demonstrating that it is also more resilient to attacks than existing methods. Code and data will be made available at https://github.com/Linlt-leon/self-eval.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 2 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. When Prompts Become Payloads: A Framework for Mitigating SQL Injection Attacks in Large Language Model-Driven Applications

    cs.CR 2026-05 unverdicted novelty 5.0

    A framework with prompt sanitization, behavioral anomaly detection, and signature controls mitigates SQL injection in LLM-driven database apps, showing high accuracy on adversarial benchmarks.

  2. SoK: Robustness in Large Language Models against Jailbreak Attacks

    cs.CR 2026-05 accept novelty 5.0

    The paper taxonomizes jailbreak attacks and defenses for LLMs, introduces the Security Cube multi-dimensional evaluation framework, benchmarks 13 attacks and 5 defenses, and identifies open challenges in LLM robustness.