GUARDIAN: A Multi-Tiered Defense Architecture for Thwarting Prompt Injection Attacks on LLMs  



Authors: Parijat Rai; Saumil Sood; Vijay K. Madisetti; Arshdeep Bahga (School of Computer Science Engineering & Technology, Bennett University, Greater Noida, India; School of Cybersecurity and Privacy, Georgia Institute of Technology, Atlanta, USA; Cloudemy Technology Labs, Chandigarh, India)

Affiliations: [1] School of Computer Science Engineering & Technology, Bennett University, Greater Noida, India; [2] School of Cybersecurity and Privacy, Georgia Institute of Technology, Atlanta, USA; [3] Cloudemy Technology Labs, Chandigarh, India

Source: Journal of Software Engineering and Applications, 2024, No. 1, pp. 43-68 (26 pages)

Abstract: This paper introduces a novel multi-tiered defense architecture to protect language models from adversarial prompt attacks. We construct adversarial prompts using strategies like role emulation and manipulative assistance to simulate real threats. We introduce a comprehensive, multi-tiered defense framework named GUARDIAN (Guardrails for Upholding Ethics in Language Models) comprising a system prompt filter, a pre-processing filter leveraging a toxic classifier and ethical prompt generator, and a pre-display filter using the model itself for output screening. Extensive testing on Meta's Llama-2 model demonstrates the capability to block 100% of attack prompts. The approach also auto-suggests safer prompt alternatives, thereby bolstering language model security. Quantitatively evaluated defense layers and an ethical substitution mechanism represent key innovations to counter sophisticated attacks. The integrated methodology not only fortifies smaller LLMs against emerging cyber threats but also guides the broader application of LLMs in a secure and ethical manner.

Keywords: Large Language Models (LLMs); Adversarial Attack; Prompt Injection; Filter; Defense; Artificial Intelligence; Machine Learning; Cybersecurity

Classification: H31 (Language and Literature: English)
