IntentObfuscator: A Jailbreaking Method via Confusing LLM with Prompts IntentObfuscator: A Jailbreaking Method via Confusing LLM with Prompts
Published in European Symposium on Research in Computer Security (ESORICS 2024), LNCS 14985, Springer, 2024
Recommended citation: Shang Shang, Zhongjiang Yao, Yepeng Yao, Liya Su, Zijing Fan, Xiaodan Zhang, Zhengwei Jiang. IntentObfuscator: A Jailbreaking Method via Confusing LLM with Prompts. In J. Garcia-Alfaro et al. (Eds.): ESORICS 2024, LNCS 14985, pp. 146-165, Springer, 2024. https://doi.org/10.1007/978-3-031-70903-6_8
Recommended citation: Shang Shang, Zhongjiang Yao, Yepeng Yao, Liya Su, Zijing Fan, Xiaodan Zhang, Zhengwei Jiang. IntentObfuscator: A Jailbreaking Method via Confusing LLM with Prompts. In J. Garcia-Alfaro et al. (Eds.): ESORICS 2024, LNCS 14985, pp. 146-165, Springer, 2024. DOI: 10.1007/978-3-031-70903-6_8.
Abstract
In the era of Large Language Models (LLMs), developers establish content review conditions to comply with legal, policy, and societal requirements, aiming to prevent the generation of sensitive or restricted content due to considerations like social security, privacy, and criminal justice. However, persistent attempts by attackers and security researchers to bypass content security measures have led to the emergence of various jailbreak technologies, including role-playing, adversarial suffixes, encryption, and more. This paper presents a novel LLM black-box jailbreak framework called IntentObfuscator, designed to obscure the true intention of user prompts and thereby elicit restricted content during content generation. Two examples, namely Obscure Intention and Create Ambiguity, are presented within this framework, outlining the implementation method. Experimental results highlight the effectiveness of the proposed method, which significantly improves the attack strategy against LLM content security mechanisms, referred to as the “Red Team” attack.
