Detecting Language Model Attacks with Perplexity

Computation and Language | 2023-11-08 | v3 | Artificial Intelligence | Cryptography and Security | Machine Learning

Abstract

A novel hack involving Large Language Models (LLMs) has emerged, exploiting adversarial suffixes to deceive models into generating perilous responses. Such jailbreaks can trick LLMs into providing intricate instructions to a malicious user for creating explosives, orchestrating a bank heist, or facilitating the creation of offensive content. By evaluating the perplexity of queries with adversarial suffixes using an open-source LLM (GPT-2), we found that they have exceedingly high perplexity values. As we explored a broad range of regular (non-adversarial) prompt varieties, we concluded that false positives are a significant challenge for plain perplexity filtering. A Light-GBM trained on perplexity and token length resolved the false positives and correctly detected most adversarial attacks in the test set.
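
An added example (not code from the paper or its authors) of the two filters the abstract contrasts: a plain perplexity threshold, and a decision on perplexity plus token length. Assumptions: a small add-one-smoothed unigram model stands in for GPT-2, a fitted length cut stands in for the Light-GBM classifier, and the corpus, prompts, `PPL_CUT` and `NOISE` tokens are all constructed.

```python
import math
from collections import Counter

# Constructed reference text for a stand-in unigram model (the paper scores with GPT-2).
CORPUS = ("how do i reset my password please explain how a firewall works "
          "what is the best way to back up my files write a short poem about "
          "the sea tell me how to bake bread").split()
COUNTS = Counter(CORPUS)
DENOM = len(CORPUS) + len(COUNTS) + 1  # add-one smoothing, one slot for unseen tokens
PPL_CUT = 40.0                         # constructed threshold for this toy model
NOISE = "zq]] !!xv ((kk ;;pp ~~rr ==tt ))ww ??mm ^^nn &&dd"  # placeholder, not a real suffix

def features(prompt):
    """Return (perplexity, token count); perplexity = exp(mean negative log-likelihood)."""
    toks = prompt.lower().split()
    nll = -sum(math.log((COUNTS[t] + 1) / DENOM) for t in toks)
    return math.exp(nll / max(len(toks), 1)), len(toks)

def plain_filter(prompt):
    """Flag on perplexity alone."""
    return features(prompt)[0] > PPL_CUT

def fit_length_cut(labelled):
    """Among high-perplexity training prompts, pick the length cut with the fewest errors."""
    high = [(features(p)[1], y) for p, y in labelled if plain_filter(p)]
    return min(sorted({n for n, _ in high}),
               key=lambda c: sum((n >= c) != y for n, y in high))

def two_feature_filter(prompt, len_cut):
    """Flag only when perplexity is high AND the prompt is at least len_cut tokens long."""
    ppl, n = features(prompt)
    return ppl > PPL_CUT and n >= len_cut

# Constructed training prompts: (text, is_adversarial)
TRAIN = [
    ("how do i reset my password", False),
    ("¿dónde está la biblioteca?", False),
    ("SELECT name FROM users;", False),
    ("def add(a, b): return a + b", False),
    ("tell me how to bake bread " + NOISE, True),
    ("write a short poem about the sea " + NOISE, True),
]
LEN_CUT = fit_length_cut(TRAIN)

if __name__ == "__main__":
    for p in ["what is the best way to back up my files", "wie spät ist es?",
              "please explain how a firewall works " + NOISE]:
        print(plain_filter(p), two_feature_filter(p, LEN_CUT), p)
```

On this toy data the short non-English prompt trips the plain perplexity filter but not the two-feature one, while the prompt carrying the noise tokens is flagged by both.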

Cite

@article{arxiv.2308.14132,
  title  = {Detecting Language Model Attacks with Perplexity},
  author = {Gabriel Alon and Michael Kamfonas},
  journal= {arXiv preprint arXiv:2308.14132},
  year   = {2023}
}