Attack and defense techniques in large language models: A survey and new perspectives
Zhiyu Liao, Kang Chen, Yuanguo Lin, Kangkang Li, Yunxuan Liu, Hefeng Chen, Xingwang Huang, Yuanhui Yu
TL;DR
The paper addresses security challenges in large language models by presenting a taxonomy of attacks (adversarial prompt attacks, optimized attacks, application-level attacks, and model theft) and defenses (prevention- and detection-based). It surveys concrete techniques such as jailbreaking, prompt injection, prompt leakage, QROA, and model extraction, and discusses defense methods including SmoothLLM, System-Mode Self-Reminder, SPML, StruQ, Attention Tracker, and watermarking-based approaches. The study highlights open problems, such as adaptive scalable defenses, explainable security, and standardized evaluation frameworks, and stresses the need for interdisciplinary collaboration and ethical considerations in deploying secure LLMs. Overall, the work provides actionable insights and a comprehensive roadmap for developing robust and trustworthy LLM systems in real-world applications.
Abstract
Large Language Models (LLMs) have become central to numerous natural language processing tasks, but their vulnerabilities present significant security and ethical challenges. This systematic survey explores the evolving landscape of attack and defense techniques in LLMs. We classify attacks into adversarial prompt attack, optimized attacks, model theft, as well as attacks on application of LLMs, detailing their mechanisms and implications. Consequently, we analyze defense strategies, including prevention-based and detection-based defense methods. Although advances have been made, challenges remain to adapt to the dynamic threat landscape, balance usability with robustness, and address resource constraints in defense implementation. We highlight open problems, including the need for adaptive scalable defenses, explainable security techniques, and standardized evaluation frameworks. This survey provides actionable insights and directions for developing secure and resilient LLMs, emphasizing the importance of interdisciplinary collaboration and ethical considerations to mitigate risks in real-world applications.
