AlignTree: Efficient Defense Against LLM Jailbreak Attacks
This addresses the vulnerability of LLMs to adversarial attacks for real-world systems, though it is incremental as it builds on existing defense mechanisms.
The paper tackles the problem of defending Large Language Models (LLM) against jailbreak attacks that bypass safety guidelines, introducing AlignTree to detect misaligned behavior with minimal computational overhead, achieving robust performance across multiple LLMs and benchmarks.
Large Language Models (LLMs) are vulnerable to adversarial attacks that bypass safety guidelines and generate harmful content. Mitigating these vulnerabilities requires defense mechanisms that are both robust and computationally efficient. However, existing approaches either incur high computational costs or rely on lightweight defenses that can be easily circumvented, rendering them impractical for real-world LLM-based systems. In this work, we introduce the AlignTree defense, which enhances model alignment while maintaining minimal computational overhead. AlignTree monitors LLM activations during generation and detects misaligned behavior using an efficient random forest classifier. This classifier operates on two signals: (i) the refusal direction -- a linear representation that activates on misaligned prompts, and (ii) an SVM-based signal that captures non-linear features associated with harmful content. Unlike previous methods, AlignTree does not require additional prompts or auxiliary guard models. Through extensive experiments, we demonstrate the efficiency and robustness of AlignTree across multiple LLMs and benchmarks.