Attack Success Rate

Attack success rate (ASR) quantifies the effectiveness of adversarial attacks against machine learning models, focusing on compromising their security and reliability. Current research investigates ASR across various model types, including large language models (LLMs), federated learning systems, and text-to-image generators, employing diverse attack methods like gradient-based optimization, backdoor insertion, and prompt engineering. Understanding and improving ASR is crucial for developing robust and secure AI systems, impacting both the theoretical foundations of machine learning and the practical deployment of AI in sensitive applications. The field is actively exploring both improved attack strategies and more effective defenses.

Papers

November 18, 2024

The Dark Side of Trust: Authority Citation-Driven Jailbreak Attacks on Large Language Models
Xikang Yang, Xuehai Tang, Jizhong Han, Songlin Hu
Jailbreak Attack Appropriate Trust Attack Success Rate Adversarial Suffix

November 14, 2024

DROJ: A Prompt-Driven Attack against Large Language Models
Leyang Hu, Boran Wang
Jailbreak Attack Attack Success Rate Prompt Attack

November 6, 2024

MRJ-Agent: An Effective Jailbreak Agent for Multi-Round Dialogue
Fengxiang Wang, Ranjie Duan, Peng Xiao, Xiaojun Jia, YueFeng Chen, Chongwen Wang, Jialing Tao, Hang Su, Jun Zhu, Hui Xue
Agent Smith Jailbreak Attack Multi Turn Dialogue Attack Success Rate

October 30, 2024

HijackRAG: Hijacking Attacks against Retrieval-Augmented Large Language Models
Yucheng Zhang, Qinfeng Li, Tianyu Du, Xuhong Zhang, Xinkui Zhao, Zhengwen Feng, Jianwei Yin
Large Language Model Full Model Retrieval Augmented Generation Attack Success Rate Prompt Attack Hijacking Task

October 18, 2024

Backdoored Retrievers for Prompt Injection Attacks on Retrieval Augmented Generation of Large Language Models
Cody Clop, Yannick Teglia
Retrieval Augmented Generation App to App Retrieval Attack Success Rate Prompt Injection Attack Hybrid Retriever Augmented Generation Injection Attack

October 17, 2024

SPIN: Self-Supervised Prompt INjection
Leon Zhou, Junfeng Yang, Chengzhi Mao
Attack Success Rate Prompt Injection

October 15, 2024

Jigsaw Puzzles: Splitting Harmful Questions to Jailbreak Large Language Models
Hao Yang, Lizhen Qu, Ehsan Shareghi, Gholamreza Haffari
Large Language Model Full Model Jailbreak Attack Large Language Attack Success Rate Jigsaw Puzzle Malicious Query

October 3, 2024

AutoDAN-Turbo: A Lifelong Agent for Strategy Self-Exploration to Jailbreak LLMs
Xiaogeng Liu, Peiran Li, Edward Suh, Yevgeniy Vorobeychik, Zhuoqing Mao, Somesh Jha, Patrick McDaniel, Huan Sun, Bo Li, Chaowei Xiao
Jailbreak Attack Attack Success Rate Lifelong Reinforcement Learning

October 2, 2024

FlipAttack: Jailbreak LLMs via Flipping
Yue Liu, Xiaoxin He, Miao Xiong, Jinlan Fu, Shumin Deng, Bryan Hooi
Jailbreak Attack Attack Success Rate Motor Augmented Mode Black Box LLM Negative Flip Flip Attack

September 26, 2024

Federated Learning under Attack: Improving Gradient Inversion for Batch of Images
Luiz Leite, Yuri Santo, Bruno L. Dalmazo, André Riker
Attack Success Rate Gradient Inversion Attack Gradient Inversion Gradient Attack Batch Greenkhorn

September 23, 2024

LlamaPartialSpoof: An LLM-Driven Fake Speech Dataset Simulating Disinformation Generation
Hieu-Thi Luong, Haoyang Li, Lin Zhang, Kong Aik Lee, Eng Siong Chng
Attack Success Rate Fake Speech Voice Cloning

August 26, 2024

Celtibero: Robust Layered Aggregation for Federated Learning
Borja Molina-Coronado
Poisoning Attack Attack Success Rate State of the Art Defense Adversarial Manipulation

August 18, 2024

July 18, 2024

Krait: A Backdoor Attack Against Graph Prompt Tuning
Ying Song, Rita Singh, Balaji Palanisamy
Backdoor Attack Prompt Tuning Attack Success Rate Trigger Attack Graph Prompt

July 15, 2024

Wicked Oddities: Selectively Poisoning for Effective Clean-Label Backdoor Attacks
Quang H. Nguyen, Nguyen Ngoc-Hieu, The-Anh Ta, Thanh Nguyen-Tang, Kok-Seng Wong, Hoang Thanh-Tung, Khoa D. Doan
Adversarial Attack Backdoor Attack Attack Success Rate Clean Label Backdoor Attack Clean Label Attack

July 2, 2024

Looking From the Future: Multi-order Iterations Can Enhance Adversarial Attack Transferability
Zijian Ying, Qianmu Li, Tao Wang, Zhichao Lian, Shunmei Meng, Xuyun Zhang
Future Reasoning Attack Success Rate Transferable Attack Adversarial Transferability Adversarial Perspective

June 18, 2024

Attack and Defense of Deep Learning Models in the Field of Web Attack Detection
Lijia Shi, Shihao Dong
Deep Learning Model Backdoor Attack Backdoor Defense Limited Field Attack Success Rate Unknown Attack Web Attack

June 17, 2024

Ruby Teaming: Improving Quality Diversity Search with Memory for Automated Red Teaming
Vernon Toh Yan Han, Rishabh Bhardwaj, Soujanya Poria
Memory Trace Red Teaming Attack Success Rate Memory Stability Quality Diversity Search Rainbow Teaming

June 4, 2024

QROA: A Black-Box Query-Response Optimization Attack on LLMs
Hussein Jawad, Nicolas J. -B. BRUNEL
Large Language Model Black Box Optimization Deep Q Learning Attack Success Rate QuEry Based Attack