首页|期刊导航|中国工程科学|面向安全治理的大语言模型风险分析与应对策略研究

面向安全治理的大语言模型风险分析与应对策略研究OA

Risk Analysis and Response Strategies of Large Language Models for Security Governance

中文摘要英文摘要

大语言模型(LLM)安全风险的认知碎片化、治理策略滞后现象凸显,亟需融合风险机理分析、量化评估、治理实践的综合框架.本文在辨析全球治理实践的演变与挑战、现有LLM风险分类分级框架呈碎片化与割裂化的基础上,揭示了LLM风险源于模型内部复杂性、外部交互的二元触发机制,将风险剖析为内生安全、应用安全两个维度,据此提出了"双维驱动"的风险分析与治理框架;引入了"风险标签卡片"作为标准化工具,采用"人工智能+人类专家协同"范式进行了真实安全案例的结构化解析,结合改进的DREAD风险矩阵模型,建立了从定性识别到定量分级的完整评估方法论;最终构建了LLM安全风险分类体系以及覆盖主要风险类型的高、中、低三级风险图谱,并从实施"双维驱动"的风险管控核心策略、健全系统性的治理保障体系两方面形成了LLM安全风险治理建议.研究提出的"双维驱动"的风险分析与治理框架,具有良好的理论兼容性与动态特性,为精准评估和治理LLM安全风险提供了理论工具,有效弥合了LLM安全风险治理实践存在的"理论-操作鸿沟",为持续追踪和理解LLM安全风险并制定安全政策提供了直接参考.

To address the challenges of fragmented understanding of Large Language Model(LLM)security risks and the inadequacy of LLM risk classification and grading frameworks,this study aims to construct a comprehensive framework that integrates risk mechanism analysis,quantitative assessment,and governance practices.Theoretically,this study synthesizes and reconstructs multiple foundational theories,including socio-technical systems,social systems theory,and safety science,to reveal that risks originate from a dual trigger mechanism of the model's"internal complexity"and"external interaction."It consequently dissects risks into two primary dimensions—"internal safety"and"application security"—providing a unified theoretical foundation for a systematic governance framework.Methodologically,the study introduces"Risk Label Cards"as a standardized tool and employs an"Artificial Intelligence+Human Expert Collaboration"approach to structurally analyze real-world security incidents.Combined with an improved DREAD(damage,reproducibility,exploitability,affected users,discoverability)risk matrix model,it establishes a complete assessment methodology that spans from qualitative identification to quantitative grading.The research culminates in the construction of a systematic risk classification system and a three-tiered(high,medium,low)risk landscape covering major risk types.The"dual-dimensional driven"risk analysis and governance framework constructed in this study provides a systematic theoretical tool for the precise assessment and governance of LLM risks,effectively bridging the"theory-practice gap"in governance.Furthermore,with its theoretical compatibility and dynamic characteristics,the framework provides a reference for continuously tracking and understanding the evolution of LLM security risks and for security policy research.

贾堃;张钰歆;陈继昀;齐佳音;方滨兴

广州大学网络空间安全学院,广州 510006||广州大学黄埔研究院,广州 510006||粤语语料库建设与大模型评测重点实验室,广州 510006粤语语料库建设与大模型评测重点实验室,广州 510006||巴勒莫大学政治学与国际关系系,巴勒莫 90133广州大学网络空间安全学院,广州 510006||粤语语料库建设与大模型评测重点实验室,广州 510006广州大学网络空间安全学院,广州 510006||广州大学黄埔研究院,广州 510006||粤语语料库建设与大模型评测重点实验室,广州 510006||可信分布式计算与服务教育部重点实验室,北京 100084广州大学网络空间安全学院,广州 510006||广州大学黄埔研究院,广州 510006||可信分布式计算与服务教育部重点实验室,北京 100084

信息技术与安全科学

大语言模型安全风险安全治理风险评估分类分级风险图谱

large language modelsecurity risksecurity governancerisk assessmentclassification and gradingrisk landscape

《中国工程科学》 2026 (2)

97-112,16

中国工程院咨询项目"国家级大模型监管保险箍模式研究"(2025-XZ-08),"广东省人工智能大语言模型的安全合规监管战略研究"(2024-GD-04)教育部哲学社会科学重大课题研究项目(24JZD040)国家自然科学基金项目(72293583,72293580) Chinese Academy of Engineering preject"Security and Compliance Regulatory Strategies for Artificial Intelligence Large Language Models in Guangdong Province"(2025-XZ-08),"Research on the National Guardrails and Governance Framework for Large Model Regulation"(2024-GD-04)Major Project of Philosophy and Social Sciences Research of the Ministry of Education(24JZD040)The National Natural Science Foundation of China Projects(72293583,72293580)

10.15302/J-SSCAE-2025.06.016

评论