English

Attention Tracker: Detecting Prompt Injection Attacks in LLMs

Cryptography and Security 2025-04-24 v2 Artificial Intelligence Machine Learning

Abstract

Large Language Models (LLMs) have revolutionized various domains but remain vulnerable to prompt injection attacks, where malicious inputs manipulate the model into ignoring original instructions and executing designated action. In this paper, we investigate the underlying mechanisms of these attacks by analyzing the attention patterns within LLMs. We introduce the concept of the distraction effect, where specific attention heads, termed important heads, shift focus from the original instruction to the injected instruction. Building on this discovery, we propose Attention Tracker, a training-free detection method that tracks attention patterns on instruction to detect prompt injection attacks without the need for additional LLM inference. Our method generalizes effectively across diverse models, datasets, and attack types, showing an AUROC improvement of up to 10.0% over existing methods, and performs well even on small LLMs. We demonstrate the robustness of our approach through extensive evaluations and provide insights into safeguarding LLM-integrated systems from prompt injection vulnerabilities.

Keywords

Cite

@article{arxiv.2411.00348,
  title  = {Attention Tracker: Detecting Prompt Injection Attacks in LLMs},
  author = {Kuo-Han Hung and Ching-Yun Ko and Ambrish Rawat and I-Hsin Chung and Winston H. Hsu and Pin-Yu Chen},
  journal= {arXiv preprint arXiv:2411.00348},
  year   = {2025}
}

Comments

Project page: https://huggingface.co/spaces/TrustSafeAI/Attention-Tracker

R2 v1 2026-06-28T19:43:53.165Z