The advent of large language models (LLMs) has revolutionized natural language processing, yet LLMs can be attacked to produce harmful content. Despite efforts to align LLMs with ethical norms, such alignment is often fragile and can be circumvented by jailbreaking attacks that use optimized or hand-crafted adversarial prompts. To address this, we introduce the Information Bottleneck Protector (IBProtector), a defense mechanism grounded in the information bottleneck principle, with a modified objective that avoids trivial solutions. IBProtector selectively compresses and perturbs prompts using a lightweight, trainable extractor, preserving only the information the target LLM needs to produce the expected answer. We further consider the setting in which the target LLM's gradients are not accessible, so that the defense remains compatible with any LLM. Our empirical evaluations show that IBProtector outperforms current defense methods in mitigating jailbreak attempts without overly affecting response quality or inference speed. Its effectiveness and adaptability across attack methods and target LLMs underscore its potential as a novel, transferable defense that bolsters the security of LLMs without requiring modifications to the underlying models.
Translation: The advent of large language models (LLMs) has thoroughly transformed natural language processing, yet they may be attacked to produce harmful content. Although there have been efforts to align LLMs ethically, these methods are often fragile and can be bypassed by optimized or manually crafted adversarial prompts (jailbreaking attacks). To address this, we introduce a defense mechanism based on the information bottleneck principle, the Information Bottleneck Protector (IBProtector), and we revise the objective function to avoid trivial solutions. IBProtector selectively compresses and perturbs prompts through a lightweight, trainable extractor, retaining only the key information that the target LLM needs to generate the expected response. In addition, we further consider the case where gradients are not visible, making it compatible with any LLM. Experimental evaluations show that IBProtector outperforms existing defense methods in mitigating jailbreak attacks, without overly affecting response quality or inference speed. Its effectiveness and adaptability across multiple attack methods and target LLMs highlight the potential of IBProtector as a novel, transferable defense that strengthens LLM security without modifying the underlying model.