首页|期刊导航|信息安全研究|基于群体极化嵌套越狱模板的大模型安全评估技术研究

基于群体极化嵌套越狱模板的大模型安全评估技术研究OA

Research on Large Model Security Assessment Technology Based on Group Polarization Nested Jailbreak Templates

中文摘要英文摘要

随着大模型(large model)在自然语言处理任务中表现卓越,其安全性问题日益凸显.越狱攻击绕过模型安全机制,削弱价值观对齐约束,诱导模型生成有害内容.该攻击导致的模型滥用、劫持及信息泄露等风险,对大模型应用生态构成安全威胁.为更全面地评估大模型安全性能,提出一种基于群体极化心理效应的嵌套越狱模板技术,通过逐步嵌套指令引导模型产生复杂回应.在此基础上,结合层次遗传算法构建了NesT-HGA方法.实验结果表明,该方法在8种主流大模型中实现了平均80%以上的攻击成功率,统计检验证实与现有方法存在显著差异,消融实验验证了组件协同作用,有效评估了大模型在面对复杂攻击时的安全性和鲁棒性.

As large model demonstrates excellent performance in natural language processing tasks,its security issues become increasingly prominent.Jailbreak attacks bypass model security mechanisms,weaken value alignment constraints,and induce models to generate harmful content.The risks of model abuse,hijacking,and information leakage caused by such attacks pose security threats to the large language model application ecosystem.To comprehensively evaluate large model security performance,a nested jailbreak template technique based on the group polarization psychological effect is proposed,which guides models to generate complex responses through progressively nested instructions.Based on this,the NesT-HGA(nested template-hierarchical genetic algorithm)framework is constructed by integrating hierarchical genetic algorithms.Experimental results show that this method achieves an average attack success rate of over 80%across 8 mainstream large models,statistical tests confirm significant differences from existing methods,and ablation experiments verify component synergistic effects,effectively evaluating the security and robustness of large models against complex attacks.

王红杰;孙培淇;杜彦辉;刘楠

中国人民公安大学信息网络安全学院 北京 100038中国人民公安大学信息网络安全学院 北京 100038中国人民公安大学信息网络安全学院 北京 100038网络安全等级保护与安全保卫技术国家工程研究中心 上海 201100

信息技术与安全科学

越狱攻击群体极化效应嵌套指令层次遗传算法大模型安全评估

jailbreak attackgroup polarization effectnested instructionhierarchical genetic algorithmlarge model security assessment

《信息安全研究》 2026 (5)

410-419,10

网络安全等级保护与安全保卫技术国家工程研究中心行动计划基金项目(C23640-XD-08)中央高校基本科研业务费专项资金项目(2024JKF14)提升自主创新—网络空间安全执法技术双一流专项(2023SYL07)

10.12379/j.issn.2096-1057.2026.05.03

评论