
Towards Assurance of LLM Adversarial Robustness using Ontology-Driven Argumentation

Tomas Bueno Momcilovic, Beat Buesser, Giulio Zizzo, Mark Purcell, Dian Balta

TL;DR

This work introduces a novel approach for assurance of the adversarial robustness of LLMs based on formal argumentation. Using ontologies for formalization, it structures state-of-the-art attacks and defenses, facilitating the creation of a human-readable assurance case and a machine-readable representation.

Abstract

Despite the impressive adaptability of large language models (LLMs), challenges remain in ensuring their security, transparency, and interpretability. Given their susceptibility to adversarial attacks, LLMs need to be defended with an evolving combination of adversarial training and guardrails. However, managing the implicit and heterogeneous knowledge for continuously assuring robustness is difficult. We introduce a novel approach for assurance of the adversarial robustness of LLMs based on formal argumentation. Using ontologies for formalization, we structure state-of-the-art attacks and defenses, facilitating the creation of a human-readable assurance case, and a machine-readable representation. We demonstrate its application with examples in English language and code translation tasks, and provide implications for theory and practice, by targeting engineers, data scientists, users, and auditors.

Paper Structure

This paper contains 6 sections and 4 figures.

Figures (4)

  • Figure 1: Structure of the ontology. Visualized using Stanford Protégé.
  • Figure 2: Assurance case in GSN (left), connected graphs (center), and the queryable values in concepts (right). The boxes are a manual illustration of the text in the argument.
  • Figure 3: Pipeline for representing data about attacks and defenses into an ontology and assurance case, for further reasoning by middleware implementing the LLM defenses. Original contributions emphasized.
  • Figure 4: Sketched argument (left) and its representation in ontology (right).