English

Feature-Aware Malicious Output Detection and Mitigation

Computation and Language 2025-04-15 v1

Abstract

The rapid advancement of large language models (LLMs) has brought significant benefits to various domains while introducing substantial risks. Despite being fine-tuned through reinforcement learning, LLMs lack the capability to discern malicious content, limiting their defense against jailbreak. To address these safety concerns, we propose a feature-aware method for harmful response rejection (FMM), which detects the presence of malicious features within the model's feature space and adaptively adjusts the model's rejection mechanism. By employing a simple discriminator, we detect potential malicious traits during the decoding phase. Upon detecting features indicative of toxic tokens, FMM regenerates the current token. By employing activation patching, an additional rejection vector is incorporated during the subsequent token generation, steering the model towards a refusal response. Experimental results demonstrate the effectiveness of our approach across multiple language models and diverse attack techniques, while crucially maintaining the models' standard generation capabilities.

Keywords

Cite

@article{arxiv.2504.09191,
  title  = {Feature-Aware Malicious Output Detection and Mitigation},
  author = {Weilong Dong and Peiguang Li and Yu Tian and Xinyi Zeng and Fengdi Li and Sirui Wang},
  journal= {arXiv preprint arXiv:2504.09191},
  year   = {2025}
}
R2 v1 2026-06-28T22:55:55.196Z