Cross-Task Defense: Instruction-Tuning LLMs for Content Safety

Yu Fu, Wen Xiao, Jia Chen, Jiachen Li, Evangelos Papalexakis, Aichi Chien, Yue Dong

TL;DR

The paper tackles the safety-utility tension in LLMs when processing long, potentially malicious documents. It introduces a defense dataset of safety-related long texts with refusals and develops single-task and mixed-task instruction-tuning losses to train models to refuse dangerous content while maintaining performance on benign tasks. Through experiments on Llama1-7B and Llama2-7B with LoRA across multiple NLP tasks, the study shows that targeting summarization for defense yields strong cross-task protection and that Llama2 generally provides a better balance between safety and usefulness than Llama1. The findings highlight the value of defense-focused training and cross-task strategies for safer deployment of LLMs in real-world content processing.

Abstract

Recent studies reveal that Large Language Models (LLMs) face challenges in balancing safety with utility, particularly when processing long texts for NLP tasks like summarization and translation. Despite defenses against malicious short questions, the ability of LLMs to safely handle dangerous long content, such as manuals teaching illicit activities, remains unclear. Our work aims to develop robust defenses for LLMs in processing malicious documents alongside benign NLP task queries. We introduce a defense dataset comprised of safety-related examples and propose single-task and mixed-task losses for instruction tuning. Our empirical results demonstrate that LLMs can significantly enhance their capacity to safely manage dangerous content with appropriate instruction tuning. Additionally, strengthening the defenses of tasks most susceptible to misuse is effective in protecting LLMs against processing harmful information. We also observe that trade-offs between utility and safety exist in defense strategies, where Llama2, utilizing our proposed approach, displays a significantly better balance compared to Llama1.

Paper Structure

This paper contains 14 sections, 3 equations, 6 figures, 2 tables.

Figures (6)

  • Figure 1: An example from our test set, before and after defense instruction tuning for summarization, shows that the Llama2-7B model can detect and block malicious content post-training. See the figure labeled full_defense_example for the full content.
  • Figure 2: Task process rate on malicious documents with task instructions on Llama1 and Llama2. A lower task process rate means better defense.
  • Figure 3: Task process rate on the usefulness dataset, with rows showing evaluation dataset results and columns indicating backend model outcomes.
  • Figure 4: Details of the prompts for each NLP task. [Article] represents the malicious documents. We use different prompts for each task during training and testing to test the generalization of the trained LLMs.
  • Figure 5: Comparison of the pass rate between mixed training and single task training of different NLP tasks. The black dotted line is the mixed training with the same number of defense examples.
  • ...and 1 more figure