@inproceedings{xiang-etal-2025-beyond,
    title = "Beyond Surface-Level Patterns: An Essence-Driven Defense Framework Against Jailbreak Attacks in {LLM}s",
    author = "Xiang, Shiyu  and
      Zhang, Ansen  and
      Cao, Yanfei  and
      Yang, Fan  and
      Chen, Ronghao",
    editor = "Che, Wanxiang  and
      Nabende, Joyce  and
      Shutova, Ekaterina  and
      Pilehvar, Mohammad Taher",
    booktitle = "Findings of the Association for Computational Linguistics: ACL 2025",
    month = jul,
    year = "2025",
    address = "Vienna, Austria",
    publisher = "Association for Computational Linguistics",
    url = "https://preview.aclanthology.org/mtsummit-25-ingestion/2025.findings-acl.760/",
    doi = "10.18653/v1/2025.findings-acl.760",
    pages = "14727--14742",
    ISBN = "979-8-89176-256-5",
    abstract = "Although Aligned Large Language Models (LLMs) are trained to reject harmful requests, they remain vulnerable to jailbreak attacks. Unfortunately, existing methods often focus on surface-level patterns, overlooking the deeper attack essences. As a result, defenses fail when attack prompts change, even though the underlying ``attack essences'' remain the same. To address this issue, we introduce EDDF, an Essence-Driven Defense Framework Against Jailbreak Attacks in LLMs. EDDF is a plug-and-play input-filtering method and operates in two stages: 1) offline essence database construction, and 2) online adversarial query detection. The key idea behind EDDF is to extract the ``attack essence'' from a diverse set of known attack instances and store it in an offline vector database. Experimental results demonstrate that EDDF significantly outperforms existing methods by reducing the Attack Success Rate by at least 20{\%}, underscoring its superior robustness against jailbreak attacks."
}