bh-asia-2024-llm4shell.pdf

《bh-asia-2024-llm4shell.pdf》由会员分享，可在线阅读，更多相关《bh-asia-2024-llm4shell.pdf（37页珍藏版）》请在三个皮匠报告上搜索。

1、#BHASIA BlackHatEventsLLM4Shell:Discovering and Exploiting RCE Vulnerabilities in Real-World LLM-Integrated Frameworks and AppsSpeakers:Tong Liu,Yuekang LiContributors:Zizhuang Deng,Guozhu Meng,Kai Chen#BHASIA BlackHatEventsWhoami-Tong Liu First year PhD student from UCAS IIE CTF player Nu1L&Straw H

2、at AI+Security#BHASIA BlackHatEventsWhoami-Yuekang Li Lecturer(assistant professor)University of New South Wales Software testing+Security#BHASIA BlackHatEventsContributorsZizhuang DengPhD IIE UCASGuozhu MengAssociate Prof IIE UCASKai ChenProf IIE UCAS#BHASIA BlackHatEventsOutline Introduction&Backg

3、round Motivating Example Detection Strategy Exploit in Real-World Scenario Hazard Analysis Mitigation Strategies Conclusion#BHASIA BlackHatEventsIntroduction&Background#BHASIA BlackHatEventsStudied Subjects LLM-Integrated Frameworks:Toolkits or abstractions to interact easily with LLMs for some task

4、s.LLM-Integrated Apps:Apps built upon LLM-integrated frameworks,allowing user to interact with them across natural languages.Question:Is this system safe?1234567#BHASIA BlackHatEventsExisting Attacks-JailbreakJailbreak represents a specialized attack directed at LLMs,involving the strategic construc

5、tion of prompt sequences that make LLMs violate their internal safeguards,resulting in the generation of unexpected or harmful content.Jailbreak example:How to rob a bank-From our paper“Making Them Ask and Answer:Jailbreaking Large Language Modelsin Few Queries via Disguise and Reconstruction”#BHASI

6、A BlackHatEventsExisting Attacks Prompt LeakingPrompt leaking represents an attack that asks the model to show its own(system)prompt.Prompt Leaking on ChatGPT-DALLE#BHASIA BlackHatEventsExisting Attacks Prompt InjectionPrompt injection is the process of overriding original instructions in the prompt