{"id":"https://openalex.org/W4416851521","doi":"https://doi.org/10.1145/3733800.3763264","title":"LLM Safeguard is a Double-Edged Sword: Exploiting False Positives for Denial-of-Service Attacks","display_name":"LLM Safeguard is a Double-Edged Sword: Exploiting False Positives for Denial-of-Service Attacks","publication_year":2025,"publication_date":"2025-10-13","ids":{"openalex":"https://openalex.org/W4416851521","doi":"https://doi.org/10.1145/3733800.3763264"},"language":null,"primary_location":{"id":"doi:10.1145/3733800.3763264","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733800.3763264","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3733800.3763264","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 Workshop on Large AI Systems and Models with Privacy and Security Analysis","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3733800.3763264","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101849331","display_name":"Qingzhao Zhang","orcid":"https://orcid.org/0000-0003-2598-5988"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Qingzhao Zhang","raw_affiliation_strings":["University of Michigan, Ann Arbor, Michigan, USA"],"raw_orcid":"https://orcid.org/0000-0003-2598-5988","affiliations":[{"raw_affiliation_string":"University of Michigan, Ann Arbor, Michigan, USA","institution_ids":["https://openalex.org/I27837315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5000633452","display_name":"Ziyang Xiong","orcid":"https://orcid.org/0009-0001-4172-123X"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ziyang Xiong","raw_affiliation_strings":["University of Michigan, Ann Arbor, Michigan, USA"],"raw_orcid":"https://orcid.org/0009-0001-4172-123X","affiliations":[{"raw_affiliation_string":"University of Michigan, Ann Arbor, Michigan, USA","institution_ids":["https://openalex.org/I27837315"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5003217329","display_name":"Z. Morley Mao","orcid":"https://orcid.org/0000-0002-9844-2055"},"institutions":[{"id":"https://openalex.org/I27837315","display_name":"University of Michigan","ror":"https://ror.org/00jmfr291","country_code":"US","type":"education","lineage":["https://openalex.org/I27837315"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Morley Mao","raw_affiliation_strings":["University of Michigan, Ann Arbor, Michigan, USA"],"raw_orcid":"https://orcid.org/0000-0002-9844-2055","affiliations":[{"raw_affiliation_string":"University of Michigan, Ann Arbor, Michigan, USA","institution_ids":["https://openalex.org/I27837315"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5101849331"],"corresponding_institution_ids":["https://openalex.org/I27837315"],"apc_list":null,"apc_paid":null,"fwci":3.979,"has_fulltext":true,"cited_by_count":2,"citation_normalized_percentile":{"value":0.94493743,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"10"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.35740000009536743,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.35740000009536743,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.08669999986886978,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.08139999955892563,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/safeguard","display_name":"Safeguard","score":0.8500999808311462},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7333999872207642},{"id":"https://openalex.org/keywords/guard","display_name":"Guard (computer science)","score":0.6025999784469604},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6007000207901001},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.5613999962806702},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.41200000047683716},{"id":"https://openalex.org/keywords/block","display_name":"Block (permutation group theory)","score":0.40630000829696655},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.391400009393692}],"concepts":[{"id":"https://openalex.org/C2780771206","wikidata":"https://www.wikidata.org/wiki/Q3271761","display_name":"Safeguard","level":2,"score":0.8500999808311462},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7817000150680542},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7333999872207642},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.6025999784469604},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6007000207901001},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5774999856948853},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.5613999962806702},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.41200000047683716},{"id":"https://openalex.org/C2777210771","wikidata":"https://www.wikidata.org/wiki/Q4927124","display_name":"Block (permutation group theory)","level":2,"score":0.40630000829696655},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.391400009393692},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.3853999972343445},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.32820001244544983},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.325300008058548},{"id":"https://openalex.org/C196903269","wikidata":"https://www.wikidata.org/wiki/Q6059063","display_name":"Intrusion tolerance","level":3,"score":0.30309998989105225},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.302700012922287},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.28360000252723694},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.28189998865127563},{"id":"https://openalex.org/C165064840","wikidata":"https://www.wikidata.org/wiki/Q1321061","display_name":"Matching (statistics)","level":2,"score":0.27959999442100525},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.27070000767707825},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.2700999975204468},{"id":"https://openalex.org/C100776233","wikidata":"https://www.wikidata.org/wiki/Q2532492","display_name":"Bridge (graph theory)","level":2,"score":0.2696000039577484}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3733800.3763264","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733800.3763264","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3733800.3763264","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 Workshop on Large AI Systems and Models with Privacy and Security Analysis","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3733800.3763264","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733800.3763264","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3733800.3763264","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 Workshop on Large AI Systems and Models with Privacy and Security Analysis","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3389231979","display_name":null,"funder_award_id":"CMMI-2038215, CNS-2321532, 2112562","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4416851521.pdf","grobid_xml":"https://content.openalex.org/works/W4416851521.grobid-xml"},"referenced_works_count":8,"referenced_works":["https://openalex.org/W2970641574","https://openalex.org/W3090717071","https://openalex.org/W3098267758","https://openalex.org/W4389524506","https://openalex.org/W4401042350","https://openalex.org/W4402264526","https://openalex.org/W4415796822","https://openalex.org/W4415798997"],"related_works":[],"abstract_inverted_index":{"Safety":[0],"is":[1],"a":[2,44,80,103,190],"paramount":[3],"concern":[4],"for":[5],"large":[6],"language":[7],"models":[8],"(LLMs)":[9],"in":[10,48,148,193],"open":[11],"deployment,":[12],"motivating":[13],"the":[14,35,49,58,70,88,113,116,124,133,138,149,156],"development":[15],"of":[16,38,51,66,91,129,140,151,180],"safeguard":[17,39,71,127,195],"methods":[18,40,99],"that":[19,33,57,100,175],"enforce":[20],"ethical":[21],"and":[22,111],"responsible":[23],"use":[24,159],"through":[25],"safety":[26],"alignment":[27],"or":[28],"guardrail":[29],"mechanisms.":[30],"Jailbreak":[31],"attacks":[32],"exploit":[34,63],"false":[36,64,201],"negatives":[37],"have":[41],"emerged":[42],"as":[43],"prominent":[45],"research":[46],"focus":[47],"field":[50],"LLM":[52,84,114,194],"security.":[53],"However,":[54],"we":[55,95],"found":[56],"malicious":[59],"attackers":[60],"could":[61],"also":[62],"positives":[65],"safeguards,":[67],"i.e.,":[68],"fooling":[69],"model":[72],"to":[73,79,163,200],"block":[74,177],"safe":[75,167],"content":[76],"mistakenly,":[77],"leading":[78],"denial-of-service":[81],"(DoS)":[82],"affecting":[83],"users.":[85],"To":[86],"bridge":[87],"knowledge":[89],"gap":[90],"this":[92,141],"overlooked":[93],"threat,":[94],"explore":[96],"multiple":[97,144],"attack":[98,125],"include":[101],"inserting":[102],"short":[104],"adversarial":[105,153,168,198],"prompt":[106,109,154],"into":[107],"user":[108,130,181],"templates":[110],"corrupting":[112],"on":[115,183],"server":[117],"by":[118],"poisoned":[119],"fine-tuning.":[120],"In":[121],"both":[122],"ways,":[123],"triggers":[126],"rejections":[128],"requests":[131,182],"from":[132],"client.":[134],"Our":[135],"evaluation":[136,196],"demonstrates":[137],"severity":[139],"threat":[142],"across":[143],"scenarios.":[145],"For":[146],"instance,":[147],"scenario":[150],"white-box":[152],"injection,":[155],"attacker":[157],"can":[158],"our":[160],"optimization":[161],"process":[162],"automatically":[164],"generate":[165],"seemingly":[166],"prompts,":[169],"approximately":[170],"only":[171],"30":[172],"characters":[173],"long,":[174],"universally":[176],"over":[178],"97%":[179],"Llama":[184],"Guard":[185],"3.":[186],"These":[187],"findings":[188],"reveal":[189],"new":[191],"dimension":[192],"\u2014":[197],"robustness":[199],"positives.":[202]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1}],"updated_date":"2026-05-14T08:36:36.166977","created_date":"2025-12-01T00:00:00"}