{"id":"https://openalex.org/W4416399787","doi":"https://doi.org/10.48550/arxiv.2510.07835","title":"MetaDefense: Defending Finetuning-based Jailbreak Attack Before and During Generation","display_name":"MetaDefense: Defending Finetuning-based Jailbreak Attack Before and During Generation","publication_year":2025,"publication_date":"2025-10-09","ids":{"openalex":"https://openalex.org/W4416399787","doi":"https://doi.org/10.48550/arxiv.2510.07835"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2510.07835","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2510.07835","pdf_url":"https://arxiv.org/pdf/2510.07835","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2510.07835","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5120413998","display_name":"Weisen Jiang","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Jiang, Weisen","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5120508044","display_name":"Sinno Jialin Pan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pan, Sinno Jialin","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5120413998"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":true,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6061999797821045,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.6061999797821045,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.15790000557899475,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11273","display_name":"Advanced Graph Neural Networks","score":0.04910000041127205,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.44670000672340393},{"id":"https://openalex.org/keywords/embedding","display_name":"Embedding","score":0.41670000553131104},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.37299999594688416},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.25380000472068787},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.2531999945640564}],"concepts":[{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6897000074386597},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.682200014591217},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.44670000672340393},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.41670000553131104},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.37299999594688416},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.2662999927997589},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.25380000472068787},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.2531999945640564},{"id":"https://openalex.org/C141141315","wikidata":"https://www.wikidata.org/wiki/Q2379942","display_name":"Guard (computer science)","level":2,"score":0.2476000040769577},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.2257000058889389}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2510.07835","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2510.07835","pdf_url":"https://arxiv.org/pdf/2510.07835","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2510.07835","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2510.07835","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2510.07835","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2510.07835","pdf_url":"https://arxiv.org/pdf/2510.07835","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4416399787.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"This":[0],"paper":[1],"introduces":[2],"MetaDefense,":[3],"a":[4,54],"novel":[5],"framework":[6],"for":[7],"defending":[8],"against":[9,131],"finetuning-based":[10],"jailbreak":[11],"attacks":[12],"in":[13,44],"large":[14],"language":[15],"models":[16],"(LLMs).":[17],"We":[18],"observe":[19],"that":[20,61,73,121],"existing":[21,125],"defense":[22,56,60,72,126,130],"mechanisms":[23],"fail":[24],"to":[25,27,79,90],"generalize":[26],"harmful":[28,42,63,83,108,132],"queries":[29,43,64,96,133],"disguised":[30,41],"by":[31],"unseen":[32,137],"attack":[33,138],"templates,":[34],"despite":[35],"LLMs":[36],"being":[37],"capable":[38],"of":[39,94,106],"distinguishing":[40],"the":[45,88,92],"embedding":[46],"space.":[47],"Based":[48],"on":[49,144],"these":[50],"insights,":[51],"we":[52],"propose":[53],"two-stage":[55],"approach:":[57],"(i)":[58],"pre-generation":[59],"detects":[62],"before":[65],"response":[66],"generation":[67,78],"begins,":[68],"and":[69,97,118,136],"(ii)":[70],"mid-generation":[71],"monitors":[74],"partial":[75,98],"responses":[76,99],"during":[77],"prevent":[80],"outputting":[81],"more":[82],"content.":[84],"Our":[85],"MetaDefense":[86,122],"trains":[87],"LLM":[89,114],"predict":[91],"harmfulness":[93],"both":[95],"using":[100],"specialized":[101],"prompts,":[102],"enabling":[103],"early":[104],"termination":[105],"potentially":[107],"interactions.":[109],"Extensive":[110],"experiments":[111],"across":[112],"multiple":[113],"architectures":[115],"(LLaMA-2-7B,":[116],"Qwen-2.5-3B-Instruct,":[117],"LLaMA-3.2-3B-Instruct)":[119],"demonstrate":[120],"significantly":[123],"outperforms":[124],"mechanisms,":[127],"achieving":[128],"robust":[129],"with":[134],"seen":[135],"templates":[139],"while":[140],"maintaining":[141],"competitive":[142],"performance":[143],"benign":[145],"tasks.":[146],"Code":[147],"is":[148],"available":[149],"at":[150],"https://github.com/ws-jiang/MetaDefense.":[151]},"counts_by_year":[],"updated_date":"2026-03-11T14:59:36.786465","created_date":"2025-10-11T00:00:00"}