{"id":"https://openalex.org/W7147542699","doi":"https://doi.org/10.48550/arxiv.2603.28817","title":"GUARD-SLM: Token Activation-Based Defense Against Jailbreak Attacks for Small Language Models","display_name":"GUARD-SLM: Token Activation-Based Defense Against Jailbreak Attacks for Small Language Models","publication_year":2026,"publication_date":"2026-03-28","ids":{"openalex":"https://openalex.org/W7147542699","doi":"https://doi.org/10.48550/arxiv.2603.28817"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.28817","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.28817","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.28817","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5132641647","display_name":"Md Jueal Mia","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Mia, Md Jueal","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132598763","display_name":"Joaquin Molto","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Molto, Joaquin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132584561","display_name":"Yanzhao Wu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wu, Yanzhao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5132601830","display_name":"M. Hadi Amini","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Amini, M. Hadi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7064999938011169,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.7064999938011169,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.057500001043081284,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.02160000056028366,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.8004000186920166},{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.7445999979972839},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5598000288009644},{"id":"https://openalex.org/keywords/language-model","display_name":"Language model","score":0.5340999960899353},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.5311999917030334},{"id":"https://openalex.org/keywords/representation","display_name":"Representation (politics)","score":0.5224000215530396},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.3280999958515167},{"id":"https://openalex.org/keywords/data-modeling","display_name":"Data modeling","score":0.3156000077724457}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.808899998664856},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.8004000186920166},{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.7445999979972839},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5598000288009644},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.5340999960899353},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.5311999917030334},{"id":"https://openalex.org/C2776359362","wikidata":"https://www.wikidata.org/wiki/Q2145286","display_name":"Representation (politics)","level":3,"score":0.5224000215530396},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4075999855995178},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.3280999958515167},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3156000077724457},{"id":"https://openalex.org/C195324797","wikidata":"https://www.wikidata.org/wiki/Q33742","display_name":"Natural language","level":2,"score":0.30869999527931213},{"id":"https://openalex.org/C138236772","wikidata":"https://www.wikidata.org/wiki/Q25098575","display_name":"Edge device","level":3,"score":0.30809998512268066},{"id":"https://openalex.org/C106131492","wikidata":"https://www.wikidata.org/wiki/Q3072260","display_name":"Filter (signal processing)","level":2,"score":0.3070000112056732},{"id":"https://openalex.org/C2983448237","wikidata":"https://www.wikidata.org/wiki/Q1078276","display_name":"Language understanding","level":2,"score":0.3041999936103821},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.301800012588501},{"id":"https://openalex.org/C162307627","wikidata":"https://www.wikidata.org/wiki/Q204833","display_name":"Enhanced Data Rates for GSM Evolution","level":2,"score":0.2858999967575073},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.28200000524520874},{"id":"https://openalex.org/C204321447","wikidata":"https://www.wikidata.org/wiki/Q30642","display_name":"Natural language processing","level":1,"score":0.2667999863624573},{"id":"https://openalex.org/C116409475","wikidata":"https://www.wikidata.org/wiki/Q1385056","display_name":"External Data Representation","level":2,"score":0.2515000104904175},{"id":"https://openalex.org/C2778572836","wikidata":"https://www.wikidata.org/wiki/Q380933","display_name":"Space (punctuation)","level":2,"score":0.2500999867916107}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.28817","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.28817","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.28817","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.28817","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Small":[0],"Language":[1,14],"Models":[2,15],"(SLMs)":[3],"are":[4],"emerging":[5],"as":[6],"efficient":[7,35],"and":[8,25,34,86,111,165],"economically":[9],"viable":[10],"alternatives":[11],"to":[12,52,97,145],"Large":[13],"(LLMs),":[16],"offering":[17],"competitive":[18],"performance":[19],"with":[20],"significantly":[21],"lower":[22],"computational":[23],"costs":[24],"latency.":[26],"These":[27],"advantages":[28],"make":[29],"SLMs":[30,85,93],"suitable":[31],"for":[32,170],"resource-constrained":[33],"deployment":[36],"on":[37,79,128],"edge":[38],"devices.":[39],"However,":[40],"existing":[41],"jailbreak":[42,68,81],"defenses":[43],"show":[44],"limited":[45],"robustness":[46,158],"against":[47],"heterogeneous":[48],"attacks,":[49],"largely":[50],"due":[51],"an":[53],"incomplete":[54],"understanding":[55],"of":[56,63,162],"the":[57,123,142],"internal":[58,124],"representations":[59],"across":[60,83,108,160],"different":[61,109,116],"layers":[62,110,161],"language":[64,163,173],"models":[65,164],"that":[66,92,100,115,139],"facilitate":[67],"behaviors.":[69],"In":[70],"this":[71,129],"paper,":[72],"we":[73,131],"conduct":[74],"a":[75,134,167],"comprehensive":[76],"empirical":[77],"study":[78],"9":[80],"attacks":[82],"7":[84],"3":[87],"LLMs.":[88],"Our":[89,155],"analysis":[90],"shows":[91],"remain":[94],"highly":[95],"vulnerable":[96],"malicious":[98,147],"prompts":[99,148],"bypass":[101],"safety":[102],"alignment.":[103],"We":[104],"analyze":[105],"hidden-layer":[106],"activations":[107],"model":[112,174],"architectures,":[113],"revealing":[114],"input":[117],"types":[118],"form":[119],"distinguishable":[120],"patterns":[121],"in":[122,141],"representation":[125,143],"space.":[126],"Based":[127],"observation,":[130],"propose":[132],"GUARD-SLM,":[133],"lightweight":[135],"token":[136],"activation-based":[137],"method":[138],"operates":[140],"space":[144],"filter":[146],"during":[149],"inference":[150],"while":[151],"preserving":[152],"benign":[153],"ones.":[154],"findings":[156],"highlight":[157],"limitations":[159],"provide":[166],"practical":[168],"direction":[169],"secure":[171],"small":[172],"deployment.":[175]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-02T00:00:00"}