DELMAN: Dynamic Defense Against Large Language Model Jailbreaking with Model Editing

doi:arXiv:2502.11647

	DELMAN: Dynamic Defense Against Large Language Model Jailbreaking with Model Editing
	Wang, Yi 1; Weng, Fenghua1 ; Yang, Sibei 1; Qin, Zhan 2; Huang, Minlie 3; Wang, Wenjie1
	2025-02-17
状态	已发表
摘要	Large Language Models (LLMs) are widely applied in decision making, but their deployment is threatened by jailbreak attacks, where adversarial users manipulate model behavior to bypass safety measures. Existing defense mechanisms, such as safety fine-tuning and model editing, either require extensive parameter modifications or lack precision, leading to performance degradation on general tasks, which is unsuitable to post-deployment safety alignment. To address these challenges, we propose DELMAN (Dynamic Editing for LLMs JAilbreak DefeNse), a novel approach leveraging direct model editing for precise, dynamic protection against jailbreak attacks. DELMAN directly updates a minimal set of relevant parameters to neutralize harmful behaviors while preserving the model's utility. To avoid triggering a safe response in benign context, we incorporate KL-divergence regularization to ensure the updated model remains consistent with the original model when processing benign queries. Experimental results demonstrate that DELMAN outperforms baseline methods in mitigating jailbreak attacks while preserving the model's utility, and adapts seamlessly to new attack instances, providing a practical and efficient solution for post-deployment model protection.
语种	英语
DOI	arXiv:2502.11647
相关网址	查看原文
出处	Arxiv
收录类别	PPRN.PPRN
WOS记录号	PPRN:121699384
WOS类目	Computer Science, Artificial Intelligence ; Computer Science, Information Systems
文献类型	预印本
条目标识符	https://kms.shanghaitech.edu.cn/handle/2MSLDSTB/514094
专题	信息科学与技术学院_硕士生信息科学与技术学院_PI研究组_王雯婕组
通讯作者	Wang, Wenjie
作者单位	1.ShanghaiTech Univ, Shanghai, Peoples R China 2.Zhejiang Univ, Hangzhou, Peoples R China 3.Tsinghua Univ, Beijing, Peoples R China
推荐引用方式 GB/T 7714	Wang, Yi,Weng, Fenghua,Yang, Sibei,et al. DELMAN: Dynamic Defense Against Large Language Model Jailbreaking with Model Editing. 2025.