Large Language Models (LLMs) have increasingly become central to generating content with potential societal impact. Notably, these models have demonstrated the capability to generate content that could be deemed harmful. To mitigate these risks, researchers have adopted safety training techniques that align model outputs with societal values in order to curb the generation of malicious content. However, the phenomenon of "jailbreaking", where carefully crafted prompts elicit harmful responses from models, persists as a significant challenge. This research conducts a comprehensive analysis of existing studies on jailbreaking LLMs and on the corresponding defense techniques. We meticulously investigate nine attack techniques and seven defense techniques applied across three distinct language models: Vicuna, LLaMA, and GPT-3.5 Turbo. We aim to evaluate the effectiveness of these attack and defense techniques. Our findings reveal that existing white-box attacks underperform compared to universal techniques, and that including special tokens in the input significantly affects the likelihood of a successful attack. This research highlights the need to concentrate on the security facets of LLMs. Additionally, we contribute to the field by releasing our datasets and testing framework, aiming to foster further research into LLM security. We believe these contributions will facilitate the exploration of security measures within this domain.