On the Ability of LLMs to Handle Character-Level Perturbations: How Well and How?
This addresses the problem of LLM misuse in scenarios like online exam systems, though it is incremental in exploring robustness mechanisms.
This paper investigates how well large language models (LLMs) handle character-level perturbations, specifically by inserting invisible Unicode control characters (UCC-Inj) to fragment tokenization and reduce signal-to-noise ratio, finding that many LLMs maintain notable performance despite strong obfuscation.
This work investigates the resilience of contemporary LLMs against frequent and structured character-level perturbations, specifically through the insertion of noisy characters after each input character. We introduce UCC-Inj, a practical method that inserts invisible Unicode control characters into text to discourage LLM misuse in scenarios such as online exam systems. Surprisingly, despite strong obfuscation that fragments tokenization and reduces the signal-to-noise ratio significantly, many LLMs still maintain notable performance. Through comprehensive evaluation across model-, problem-, and noise-related configurations, we examine the extent and mechanisms of this robustness, exploring both the handling of character-level tokenization and implicit versus explicit denoising mechanism hypotheses of character-level noises. We hope our findings on the low-level robustness of LLMs will shed light on the risks of their misuse and on the reliability of deploying LLMs across diverse applications.