-
Detection and Defense Against Prominent Attacks on Preconditioned LLM-Integrated Virtual Assistants
Authors:
Chun Fai Chan,
Daniel Wankit Yip,
Aysan Esmradi
Abstract:
The emergence of LLM (Large Language Model) integrated virtual assistants has brought about a rapid transformation in communication dynamics. During virtual assistant development, some developers prefer to leverage the system message, also known as an initial prompt or custom prompt, for preconditioning purposes. However, it is important to recognize that an excessive reliance on this functionalit…
▽ More
The emergence of LLM (Large Language Model) integrated virtual assistants has brought about a rapid transformation in communication dynamics. During virtual assistant development, some developers prefer to leverage the system message, also known as an initial prompt or custom prompt, for preconditioning purposes. However, it is important to recognize that an excessive reliance on this functionality raises the risk of manipulation by malicious actors who can exploit it with carefully crafted prompts. Such malicious manipulation poses a significant threat, potentially compromising the accuracy and reliability of the virtual assistant's responses. Consequently, safeguarding the virtual assistants with detection and defense mechanisms becomes of paramount importance to ensure their safety and integrity. In this study, we explored three detection and defense mechanisms aimed at countering attacks that target the system message. These mechanisms include inserting a reference key, utilizing an LLM evaluator, and implementing a Self-Reminder. To showcase the efficacy of these mechanisms, they were tested against prominent attack techniques. Our findings demonstrate that the investigated mechanisms are capable of accurately identifying and counteracting the attacks. The effectiveness of these mechanisms underscores their potential in safeguarding the integrity and reliability of virtual assistants, reinforcing the importance of their implementation in real-world scenarios. By prioritizing the security of virtual assistants, organizations can maintain user trust, preserve the integrity of the application, and uphold the high standards expected in this era of transformative technologies.
△ Less
Submitted 1 January, 2024;
originally announced January 2024.
-
A Novel Evaluation Framework for Assessing Resilience Against Prompt Injection Attacks in Large Language Models
Authors:
Daniel Wankit Yip,
Aysan Esmradi,
Chun Fai Chan
Abstract:
Prompt injection attacks exploit vulnerabilities in large language models (LLMs) to manipulate the model into unintended actions or generate malicious content. As LLM integrated applications gain wider adoption, they face growing susceptibility to such attacks. This study introduces a novel evaluation framework for quantifying the resilience of applications. The framework incorporates innovative t…
▽ More
Prompt injection attacks exploit vulnerabilities in large language models (LLMs) to manipulate the model into unintended actions or generate malicious content. As LLM integrated applications gain wider adoption, they face growing susceptibility to such attacks. This study introduces a novel evaluation framework for quantifying the resilience of applications. The framework incorporates innovative techniques designed to ensure representativeness, interpretability, and robustness. To ensure the representativeness of simulated attacks on the application, a meticulous selection process was employed, resulting in 115 carefully chosen attacks based on coverage and relevance. For enhanced interpretability, a second LLM was utilized to evaluate the responses generated from these simulated attacks. Unlike conventional malicious content classifiers that provide only a confidence score, the LLM-based evaluation produces a score accompanied by an explanation, thereby enhancing interpretability. Subsequently, a resilience score is computed by assigning higher weights to attacks with greater impact, thus providing a robust measurement of the application resilience. To assess the framework's efficacy, it was applied on two LLMs, namely Llama2 and ChatGLM. Results revealed that Llama2, the newer model exhibited higher resilience compared to ChatGLM. This finding substantiates the effectiveness of the framework, aligning with the prevailing notion that newer models tend to possess greater resilience. Moreover, the framework exhibited exceptional versatility, requiring only minimal adjustments to accommodate emerging attack techniques and classifications, thereby establishing itself as an effective and practical solution. Overall, the framework offers valuable insights that empower organizations to make well-informed decisions to fortify their applications against potential threats from prompt injection.
△ Less
Submitted 1 January, 2024;
originally announced January 2024.
-
A Comprehensive Survey of Attack Techniques, Implementation, and Mitigation Strategies in Large Language Models
Authors:
Aysan Esmradi,
Daniel Wankit Yip,
Chun Fai Chan
Abstract:
Ensuring the security of large language models (LLMs) is an ongoing challenge despite their widespread popularity. Developers work to enhance LLMs security, but vulnerabilities persist, even in advanced versions like GPT-4. Attackers exploit these weaknesses, highlighting the need for proactive cybersecurity measures in AI model development. This article explores two attack categories: attacks on…
▽ More
Ensuring the security of large language models (LLMs) is an ongoing challenge despite their widespread popularity. Developers work to enhance LLMs security, but vulnerabilities persist, even in advanced versions like GPT-4. Attackers exploit these weaknesses, highlighting the need for proactive cybersecurity measures in AI model development. This article explores two attack categories: attacks on models themselves and attacks on model applications. The former requires expertise, access to model data, and significant implementation time, while the latter is more accessible to attackers and has seen increased attention. Our study reviews over 100 recent research works, providing an in-depth analysis of each attack type. We identify the latest attack methods and explore various approaches to carry them out. We thoroughly investigate mitigation techniques, assessing their effectiveness and limitations. Furthermore, we summarize future defenses against these attacks. We also examine real-world techniques, including reported and our implemented attacks on LLMs, to consolidate our findings. Our research highlights the urgency of addressing security concerns and aims to enhance the understanding of LLM attacks, contributing to robust defense development in this evolving domain.
△ Less
Submitted 18 December, 2023;
originally announced December 2023.
-
Painterly Reality: Enhancing Audience Experience with Paintings through Interactive Art
Authors:
Aven Le Zhou,
Kang Zhang,
David Yip
Abstract:
Perceiving paintings entails more than merely engaging the audience's eyes and brains; their perceptions and experiences of a painting can be intricately connected with body movement. This paper proposes an interactive art approach entitled "Painterly Reality" that facilitates the perception and interaction with paintings in a three-dimensional manner. Its objective is to promote bodily engagement…
▽ More
Perceiving paintings entails more than merely engaging the audience's eyes and brains; their perceptions and experiences of a painting can be intricately connected with body movement. This paper proposes an interactive art approach entitled "Painterly Reality" that facilitates the perception and interaction with paintings in a three-dimensional manner. Its objective is to promote bodily engagement with the painting (i.e., embedded body embodiment and its movement and interaction) to enhance the audience's experience, while maintaining its essence. Unlike two-dimensional interactions, this approach constructs the Painterly Reality by capturing the audience's body embodiment in real-time and embedding into a three-dimensional painterly world derived from a given painting input. Through their body embodiment, the audience can navigate the painterly world and play with the magical realism (i.e., interactive painterly objects), fostering meaningful experiences via interactions. The Painterly Reality is subsequently projected through an Augmented Reality Mirror as a live painting and displayed in front of the audience. Hence, the audience can gain enhanced experiences through bodily engagement while simultaneously viewing and appreciating the live painting. The paper implements the proposed approach as an interactive artwork, entitled "Everyday Conjunctive," with Fong Tse Ka's painting and installs in a local museum, which successfully enhances audience experience through bodily engagement.
△ Less
Submitted 2 December, 2023;
originally announced December 2023.
-
Is It the End? Guidelines for Cinematic Endings in Data Videos
Authors:
Xian Xu,
Aoyu Wu,
Leni Yang,
Zheng Wei,
Rong Huang,
David Yip,
Huamin Qu
Abstract:
Data videos are becoming increasingly popular in society and academia. Yet little is known about how to create endings that strengthen a lasting impression and persuasion. To fulfill the gap, this work aims to develop guidelines for data video endings by drawing inspiration from cinematic arts. To contextualize cinematic endings in data videos, 111 film endings and 105 data video endings are first…
▽ More
Data videos are becoming increasingly popular in society and academia. Yet little is known about how to create endings that strengthen a lasting impression and persuasion. To fulfill the gap, this work aims to develop guidelines for data video endings by drawing inspiration from cinematic arts. To contextualize cinematic endings in data videos, 111 film endings and 105 data video endings are first analyzed to identify four common styles using the framework of ending punctuation marks. We conducted expert interviews (N=11) and formulated 20 guidelines for creating cinematic endings in data videos. To validate our guidelines, we conducted a user study where 24 participants were invited to design endings with and without our guidelines, which are evaluated by experts and the general public. The participants praise the clarity and usability of the guidelines, and results show that the endings with guidelines are perceived to be more understandable, impressive, and reflective.
△ Less
Submitted 25 March, 2023;
originally announced March 2023.
-
From `Wow' to `Why': Guidelines for Creating the Opening of a Data Video with Cinematic Styles
Authors:
Xian Xu,
Leni Yang,
David Yip,
Mingming Fan,
Zheng Wei,
Huamin Qu
Abstract:
Data videos are an increasingly popular storytelling form. The opening of a data video critically influences its success as the opening either attracts the audience to continue watching or bores them to abandon watching. However, little is known about how to create an attractive opening. We draw inspiration from the openings of famous films to facilitate designing data video openings. First, by an…
▽ More
Data videos are an increasingly popular storytelling form. The opening of a data video critically influences its success as the opening either attracts the audience to continue watching or bores them to abandon watching. However, little is known about how to create an attractive opening. We draw inspiration from the openings of famous films to facilitate designing data video openings. First, by analyzing over 200 films from several sources, we derived six primary cinematic opening styles adaptable to data videos. Then, we consulted eight experts from the film industry to formulate 28 guidelines. To validate the usability and effectiveness of the guidelines, we asked participants to create data video openings with and without the guidelines, which were then evaluated by experts and the general public. Results showed that the openings designed with the guidelines were perceived to be more attractive, and the guidelines were praised for clarity and inspiration.
△ Less
Submitted 6 February, 2022;
originally announced February 2022.