JADE-DB:基于靶向变异的大语言模型安全通用基准测试集  被引量：1

作　　者：张谧[1] 潘旭东 杨珉[1] Zhang Mi;Pan Xudong;Yang Min(School of Computer Science,Fudan University,Shanghai 200433)

机构地区：[1]复旦大学计算机科学技术学院,上海200433

出　　处：《计算机研究与发展》2024年第5期1113-1127,共15页Journal of Computer Research and Development

基　　金：国家重点研发计划(2021YFB3101200);国家自然科学基金项目(61972099,U1736208,U1836210,U1836213,62172104,62172105,61902374,62102093,62102091)。

摘　　要：提出大语言模型安全通用基准测试集—JADE-DB,该数据集基于靶向变异方法自动化构建,能够将经验丰富的大语言模型安全测试员和多学科专家学者手工撰写的测试问题转化为高危通用问题,保持语言自然性的同时不改变其核心语义,且能够攻破十余款国内外知名大语言模型的安全防护机制.根据语言复杂性差异,JADE-DB包含基础、进阶、高危3个安全测试等级,共计上千条覆盖违法犯罪、侵犯权益、歧视偏见和核心价值观4大类违规主题、30多种违规主题的通用测试问题,其中针对国内开源(中文,8款)、国内商用(中文,6款)和国外商用大语言模型(英文,4款)这3组大语言模型分别构建的3款通用高危测试集,可造成每组模型在高危测试集上的平均违规率均超过70%,测试问题均可同时触发多款模型违规生成.这表明,语言的复杂性导致现有大语言模型难以学习到人类无穷多种表达方式,因此无法识别其中不变的违规本质.We propose a universal safety testing benchmark for large language models(LLMs),JADE-DB.The benchmark is automatically constructed via the targeted mutation approach,which is able to convert test questions that are manually crafted by experienced LLM testers and multidisciplinary experts to highly threatening universal test questions.The converted questions still preserve the naturalness of human language without changing the core semantics of the original question,and in the meantime are able to consistently break over ten widely-used LLMs.Based on the incremental linguistic complexity,JADE-DB incorporates three levels of LLM safety testing,namely,basic,advanced and dangerous,which accounts for thousands of test questions covering 4 major unsafe generation categories,i.e.,crime,tort,bias and core values,spanning over 30 unsafe topics.Specifically,we construct three dangerous safety benchmarks respectively for the three groups of LLMs,i.e.,eight open-sourced Chinese,six commercial Chinese and four commercial English LLMs.The benchmarks simultaneously trigger harmful generation of multiple LLMs,with an average unsafe generation ratio of 70%.The results indicate that,due to the complexity of human language,most of the current best LLMs can hardly learn the infinite number of different syntactic structures of human language and thus recognize the invariant evil therein.

关 键 词：生成式人工智能安全 大语言模型 大语言模型安全评测 人工智能安全 自然语言处理 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]