Thoughts Behind Attack: Enhancing Security Against Jailbreak Attacks Using Chain-of-Thought
摘要
With the rapid development and widespread adoption of large language models (LLMs), the safety of LLMs has become a major concern. The inexplicability and unsafe outputs of LLMs pose significant obstacles to achieving artificial general intelligence (AGI). To enhance the safety of LLMs, researchers have developed various jailbreak attack methods and defense methods. In this paper, we propose SafeCoT, a novel defense method leveraging Chain-of-Thought (CoT) without any optimization or training. We believe that certain jailbreak attacks share a common logic, and based on this insight, we present SafeCoT. Specifically, to help LLMs understand the thoughts behind jailbreak attacks, we propose a jailbreak attack taxonomy and a corresponding jailbreak prompts dataset, JATD. Subsequently, we introduce SafeCoT, which consists of two parts: System Prompt and Safe Suffix. For different scenarios, we develop two forms of Safe Suffix, Manual-CoT and Zero-Shot-CoT. Through extensive experiments on 10 jailbreak attacks and 3 different LLMs, the results demonstrate that SafeCoT significantly reduces the attack success rate while maintaining good general performance. We hope our work can provide new perspectives and insights into LLM safety, and encourage further research to explore the underlying logic and mechanisms of jailbreak attacks.