Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Recent Advances in Attack and Defense Approaches of Large Language Models

Jing Cui, Yishi Xu, Zhewei Huang, Shuchang Zhou, Jianbin Jiao, Junge Zhang

TL;DR

This survey addresses the safety and reliability challenges of Large Language Models by mapping vulnerabilities, attack modalities, and defense strategies in the post-2023 era. It presents a structured taxonomy of vulnerabilities (from overfitting to RLHF-induced fragilities and supply-chain risks), catalogs post-training, adversarial, and privacy attacks, and reviews exogenous, endogenous, and hybrid defenses including red teaming, content filtering, inference guidance, adversarial training, safety fine-tuning, and model merging. The work highlights key gaps such as the capacity-alignment misalignment, intrinsic objective conflicts, and the need for scalable, robust defense mechanisms, proposing directions like latent adversarial training, knowledge sanitization, and safe model merging. The practical impact lies in guiding researchers and practitioners to design more robust, auditable, and trustworthy LLM systems through comprehensive threat modeling, standardized benchmarks, and integrated defense pipelines.

Abstract

Large Language Models (LLMs) have revolutionized artificial intelligence and machine learning through their advanced text processing and generating capabilities. However, their widespread deployment has raised significant safety and reliability concerns. Established vulnerabilities in deep neural networks, coupled with emerging threat models, may compromise security evaluations and create a false sense of security. Given the extensive research in the field of LLM security, we believe that summarizing the current state of affairs will help the research community better understand the present landscape and inform future developments. This paper reviews current research on LLM vulnerabilities and threats, and evaluates the effectiveness of contemporary defense mechanisms. We analyze recent studies on attack vectors and model weaknesses, providing insights into attack mechanisms and the evolving threat landscape. We also examine current defense strategies, highlighting their strengths and limitations. By contrasting advancements in attack and defense methodologies, we identify research gaps and propose future directions to enhance LLM security. Our goal is to advance the understanding of LLM safety challenges and guide the development of more robust security measures.

Recent Advances in Attack and Defense Approaches of Large Language Models

TL;DR

This survey addresses the safety and reliability challenges of Large Language Models by mapping vulnerabilities, attack modalities, and defense strategies in the post-2023 era. It presents a structured taxonomy of vulnerabilities (from overfitting to RLHF-induced fragilities and supply-chain risks), catalogs post-training, adversarial, and privacy attacks, and reviews exogenous, endogenous, and hybrid defenses including red teaming, content filtering, inference guidance, adversarial training, safety fine-tuning, and model merging. The work highlights key gaps such as the capacity-alignment misalignment, intrinsic objective conflicts, and the need for scalable, robust defense mechanisms, proposing directions like latent adversarial training, knowledge sanitization, and safe model merging. The practical impact lies in guiding researchers and practitioners to design more robust, auditable, and trustworthy LLM systems through comprehensive threat modeling, standardized benchmarks, and integrated defense pipelines.

Abstract

Large Language Models (LLMs) have revolutionized artificial intelligence and machine learning through their advanced text processing and generating capabilities. However, their widespread deployment has raised significant safety and reliability concerns. Established vulnerabilities in deep neural networks, coupled with emerging threat models, may compromise security evaluations and create a false sense of security. Given the extensive research in the field of LLM security, we believe that summarizing the current state of affairs will help the research community better understand the present landscape and inform future developments. This paper reviews current research on LLM vulnerabilities and threats, and evaluates the effectiveness of contemporary defense mechanisms. We analyze recent studies on attack vectors and model weaknesses, providing insights into attack mechanisms and the evolving threat landscape. We also examine current defense strategies, highlighting their strengths and limitations. By contrasting advancements in attack and defense methodologies, we identify research gaps and propose future directions to enhance LLM security. Our goal is to advance the understanding of LLM safety challenges and guide the development of more robust security measures.
Paper Structure (34 sections, 1 equation, 1 table)

This paper contains 34 sections, 1 equation, 1 table.

Table of Contents

  1. Introduction
  2. Vulnerabilities Analysis
  3. Overfitting Vulnerabilities
  4. Increased LLM Vulnerabilities from Supervised Fine-Tuning and Quantization
  5. Increased LLM Vulnerabilities from RLHF
  6. Gap Between Model Capacity and Alignment
  7. Intrinsic Conflict in the Objectives of LLMs
  8. Supply Chain Vulnerabilities
  9. Attacks
  10. Post-Training Attacks and Their Relevance to LLMs
  11. Attacks on Supervised Fine-Tuning
  12. Attacks on RLHF
  13. Limitation and Future Work
  14. Adversarial Attacks and Their Relevance to LLMs
  15. Jailbreaks
  16. ...and 19 more sections