CRCL Jun 26, 2024

SafeAligner: Safety Alignment against Jailbreak Attacks via Response Disparity Guidance

arXiv:2406.18118v4, 13 citations
Originality: Incremental advance
AI Analysis

This work addresses the challenge of securing LLMs against adversarial attacks for users and developers, though it appears incremental because it builds on existing alignment techniques.

The paper tackles the problem of defending large language models against jailbreak attacks by introducing SafeAligner, a decoding-stage method that uses response disparity between safety-focused and risk-prone models to guide token selection, resulting in improved security with minimal utility loss.

As the development of large language models (LLMs) rapidly advances, securing these models effectively without compromising their utility has become a pivotal area of research. However, current defense strategies against jailbreak attacks (i.e., efforts to bypass security protocols) often suffer from limited adaptability, restricted general capability, and high cost. To address these challenges, we introduce SafeAligner, a methodology implemented at the decoding stage to fortify defenses against jailbreak attacks. We begin by developing two specialized models: the Sentinel Model, which is trained to foster safety, and the Intruder Model, designed to generate riskier responses. SafeAligner leverages the disparity in security levels between the responses from these models to differentiate between harmful and beneficial tokens, effectively guiding the safety alignment by altering the output token distribution of the target model. Extensive experiments show that SafeAligner can increase the likelihood of beneficial tokens, while reducing the occurrence of harmful ones, thereby ensuring secure alignment with minimal loss to generality.
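The decoding-stage idea in the abstract can be sketched for a single token step as follows. This is an added example, not code from the paper or its repository: the abstract does not state the update rule, so the additive shift, the clipping, the strength `alpha`, all function names, and the probabilities are assumptions constructed for illustration.

```python
# Added illustration; all probabilities below are constructed sample values.
VOCAB = ["Sure", "I", "Here", "cannot", "Sorry"]

# Next-token distributions for one decoding step on a jailbreak-style prompt.
P_TARGET   = [0.40, 0.20, 0.25, 0.10, 0.05]  # model being defended
P_SENTINEL = [0.05, 0.35, 0.05, 0.30, 0.25]  # safety-trained model
P_INTRUDER = [0.50, 0.05, 0.35, 0.05, 0.05]  # risk-prone model


def disparity(p_sentinel, p_intruder):
    """Per-token gap: positive means the safe model prefers the token."""
    return [s - i for s, i in zip(p_sentinel, p_intruder)]


def classify(p_sentinel, p_intruder, vocab=VOCAB):
    """Split the vocabulary into beneficial and harmful tokens by gap sign."""
    gaps = disparity(p_sentinel, p_intruder)
    beneficial = {t for t, g in zip(vocab, gaps) if g > 0}
    harmful = {t for t, g in zip(vocab, gaps) if g < 0}
    return beneficial, harmful


def guided_distribution(p_target, p_sentinel, p_intruder, alpha=1.0):
    """Shift the target distribution by alpha * disparity, clip, renormalise.

    The additive rule and alpha are assumptions of this sketch.
    """
    gaps = disparity(p_sentinel, p_intruder)
    raw = [max(t + alpha * g, 0.0) for t, g in zip(p_target, gaps)]
    total = sum(raw)
    if total <= 0.0:
        # Guard for malformed (non-normalised) inputs only: with valid
        # distributions the unclipped sum is 1, so some token survives.
        return list(p_sentinel)
    return [r / total for r in raw]


def greedy(dist, vocab=VOCAB):
    """Return the highest-probability token."""
    return vocab[max(range(len(dist)), key=dist.__getitem__)]


if __name__ == "__main__":
    guided = guided_distribution(P_TARGET, P_SENTINEL, P_INTRUDER)
    print("unguided:", greedy(P_TARGET), "| guided:", greedy(guided))
    for tok, before, after in zip(VOCAB, P_TARGET, guided):
        print(f"{tok:>7}  {before:.3f} -> {after:.3f}")
```

With `alpha=0` the target distribution is returned unchanged, which makes the guidance strength easy to compare against a utility baseline.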

Code Implementations: 1 repo