English

Intention Analysis Makes LLMs A Good Jailbreak Defender

Computation and Language 2024-12-17 v4

Abstract

Aligning large language models (LLMs) with human values, particularly when facing complex and stealthy jailbreak attacks, presents a formidable challenge. Unfortunately, existing methods often overlook this intrinsic nature of jailbreaks, which limits their effectiveness in such complex scenarios. In this study, we present a simple yet highly effective defense strategy, i.e., Intention Analysis (IA\mathbb{IA}). IA\mathbb{IA} works by triggering LLMs' inherent self-correct and improve ability through a two-stage process: 1) analyzing the essential intention of the user input, and 2) providing final policy-aligned responses based on the first round conversation. Notably, IA\mathbb{IA} is an inference-only method, thus could enhance LLM safety without compromising their helpfulness. Extensive experiments on varying jailbreak benchmarks across a wide range of LLMs show that IA\mathbb{IA} could consistently and significantly reduce the harmfulness in responses (averagely -48.2% attack success rate). Encouragingly, with our IA\mathbb{IA}, Vicuna-7B even outperforms GPT-3.5 regarding attack success rate. We empirically demonstrate that, to some extent, IA\mathbb{IA} is robust to errors in generated intentions. Further analyses reveal the underlying principle of IA\mathbb{IA}: suppressing LLM's tendency to follow jailbreak prompts, thereby enhancing safety.

Keywords

Cite

@article{arxiv.2401.06561,
  title  = {Intention Analysis Makes LLMs A Good Jailbreak Defender},
  author = {Yuqi Zhang and Liang Ding and Lefei Zhang and Dacheng Tao},
  journal= {arXiv preprint arXiv:2401.06561},
  year   = {2024}
}

Comments

COLING 2025

R2 v1 2026-06-28T14:15:13.830Z