Play Guessing Game with LLM: Indirect Jailbreak Attack with Implicit Clues

Zhiyuan Chang, Mingyang Li, Yi Liu, Junjie Wang, Qing Wang, Yang Liu


Abstract
With the development of LLMs, the security threats of LLMs are getting more and more attention. Numerous jailbreak attacks have been proposed to assess the security defense of LLMs. Current jailbreak attacks primarily utilize scenario camouflage techniques. However their explicitly mention of malicious intent will be easily recognized and defended by LLMs. In this paper, we propose an indirect jailbreak attack approach, Puzzler, which can bypass the LLM’s defensive strategies and obtain malicious response by implicitly providing LLMs with some clues about the original malicious query. In addition, inspired by the wisdom of “When unable to attack, defend” from Sun Tzu’s Art of War, we adopt a defensive stance to gather clues about the original malicious query through LLMs. The experimental results indicate that the Query Success Rate of the Puzzler is 14.0%-82.7% higher than baselines on the most prominent LLMs. Furthermore, when tested against the state-of-the-art jailbreak detection approaches, Puzzler proves to be more effective at evading detection compared to baselines.
Anthology ID:
2024.findings-acl.304
Volume:
Findings of the Association for Computational Linguistics: ACL 2024
Month:
August
Year:
2024
Address:
Bangkok, Thailand
Editors:
Lun-Wei Ku, Andre Martins, Vivek Srikumar
Venue:
Findings
SIG:
Publisher:
Association for Computational Linguistics
Note:
Pages:
5135–5147
Language:
URL:
https://aclanthology.org/2024.findings-acl.304
DOI:
10.18653/v1/2024.findings-acl.304
Bibkey:
Cite (ACL):
Zhiyuan Chang, Mingyang Li, Yi Liu, Junjie Wang, Qing Wang, and Yang Liu. 2024. Play Guessing Game with LLM: Indirect Jailbreak Attack with Implicit Clues. In Findings of the Association for Computational Linguistics: ACL 2024, pages 5135–5147, Bangkok, Thailand. Association for Computational Linguistics.
Cite (Informal):
Play Guessing Game with LLM: Indirect Jailbreak Attack with Implicit Clues (Chang et al., Findings 2024)
Copy Citation:
PDF:
https://aclanthology.org/2024.findings-acl.304.pdf