-
Gandalf the Red: Adaptive Security for LLMs
Authors:
Niklas Pfister,
Václav Volhejn,
Manuel Knott,
Santiago Arias,
Julia Bazińska,
Mykhailo Bichurin,
Alan Commike,
Janet Darling,
Peter Dienes,
Matthew Fiedler,
David Haber,
Matthias Kraft,
Marco Lancini,
Max Mathys,
Damián Pascual-Ortiz,
Jakub Podolak,
Adrià Romero-López,
Kyriacos Shiarlis,
Andreas Signer,
Zsolt Terek,
Athanasios Theocharis,
Daniel Timbrell,
Samuel Trautwein,
Samuel Watts,
Yun-Han Wu, et al. (1 additional author not shown)
Abstract:
Current evaluations of defenses against prompt attacks in large language model (LLM) applications often overlook two critical factors: the dynamic nature of adversarial behavior and the usability penalties imposed on legitimate users by restrictive defenses. We propose D-SEC (Dynamic Security Utility Threat Model), which explicitly separates attackers from legitimate users, models multi-step interactions, and expresses the security-utility trade-off in an optimizable form. We further address the shortcomings of existing evaluations by introducing Gandalf, a crowd-sourced, gamified red-teaming platform designed to generate realistic, adaptive attacks. Using Gandalf, we collect and release a dataset of 279k prompt attacks. Complemented by benign user data, our analysis reveals the interplay between security and utility, showing that defenses integrated in the LLM (e.g., system prompts) can degrade usability even without blocking requests. We demonstrate that restricted application domains, defense-in-depth, and adaptive defenses are effective strategies for building secure and useful LLM applications.
Submitted 2 February, 2025; v1 submitted 14 January, 2025;
originally announced January 2025.
-
Algorithms and Data Structures to Accelerate Network Analysis
Authors:
Jordi Ros-Giralt,
Alan Commike,
Peter Cullen,
Richard Lethin
Abstract:
As the sheer amount of computer-generated data continues to grow exponentially, new bottlenecks are unveiled that require rethinking our traditional software and hardware architectures. In this paper we present five algorithms and data structures (long queue emulation, lockless bimodal queues, tail early dropping, LFN tables, and multiresolution priority queues) designed to optimize the process of analyzing network traffic. We integrated these optimizations into R-Scope, a high-performance network appliance that runs the Bro network analyzer, and present benchmarks showing performance speed-ups of 5X at traffic rates of 10 Gbps.
Submitted 17 November, 2017;
originally announced November 2017.
-
Multiresolution Priority Queues
Authors:
Jordi Ros-Giralt,
Alan Commike,
Peter Cullen,
Jeff Lucovsky,
Dilip Madathil,
Richard Lethin
Abstract:
Priority queues are container data structures essential to many high performance computing (HPC) applications. In this paper, we introduce multiresolution priority queues, a data structure that improves the performance of the standard heap based implementations by trading off a controllable amount of resolution in the space of priorities. The new data structure can reduce the worst case performance of inserting an element from O(log(n)) to O(log(r)), where n is the number of elements in the queue and r is the number of resolution groups in the priority space. The worst case cost of removing the top element is O(1). When the number of elements in the table is high, the amortized cost to insert an element becomes O(1).
Submitted 10 August, 2017; v1 submitted 26 May, 2017;
originally announced May 2017.
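The abstract above describes the trade-off but not the mechanics. The following is an added illustration of the multiresolution idea, written for this listing; it is not the authors' implementation and makes its own bookkeeping choices: priorities are binned into r groups by a sorted boundary list, insertion is a binary search over those boundaries (O(log r)), and the lowest non-empty group is found through a bitmap with a lowest-set-bit operation (constant time for r up to a machine word). The sample events in `demo()` are constructed.

```python
import bisect
from collections import deque


class MultiresolutionPriorityQueue:
    """Priority queue with a fixed, finite resolution in priority space.

    The priority range is split into r groups by a sorted list of boundaries
    (group i covers boundaries[i] <= p < boundaries[i+1]).  Each group is a
    FIFO.  Inserting costs one binary search over the boundaries, O(log r),
    and removing the top element costs O(1): the lowest non-empty group is
    read from a bitmap with a lowest-set-bit operation.  (The bitmap is this
    example's bookkeeping choice, not necessarily the paper's.)  Elements
    inside one group are served in insertion order, so priorities closer
    together than a group width are not distinguished: that is the resolution
    traded away.
    """

    def __init__(self, boundaries):
        if len(boundaries) < 2 or any(a >= b for a, b in zip(boundaries, boundaries[1:])):
            raise ValueError("boundaries must be strictly increasing, at least two")
        self._bounds = list(boundaries)
        self._groups = [deque() for _ in range(len(boundaries) - 1)]
        self._nonempty = 0  # bit i is set iff group i currently holds elements
        self._size = 0

    def __len__(self):
        return self._size

    def insert(self, priority, item):
        if not (self._bounds[0] <= priority < self._bounds[-1]):
            raise ValueError("priority outside the configured resolution range")
        g = bisect.bisect_right(self._bounds, priority) - 1  # O(log r)
        self._groups[g].append((priority, item))
        self._nonempty |= 1 << g
        self._size += 1

    def pop(self):
        """Remove and return (priority, item) from the lowest non-empty group."""
        if self._size == 0:
            raise IndexError("pop from an empty queue")
        g = (self._nonempty & -self._nonempty).bit_length() - 1  # lowest set bit
        entry = self._groups[g].popleft()
        if not self._groups[g]:
            self._nonempty &= ~(1 << g)
        self._size -= 1
        return entry


def demo():
    """Constructed input: five events with resolution groups
    [0,1), [1,2), [2,4), [4,8).  Returns the order in which they are popped."""
    q = MultiresolutionPriorityQueue([0, 1, 2, 4, 8])
    for prio, name in [(3.5, "a"), (1.7, "b"), (0.2, "c"), (1.2, "d"), (6.0, "e")]:
        q.insert(prio, name)
    return [q.pop() for _ in range(len(q))]


if __name__ == "__main__":
    # "b" (1.7) comes out before "d" (1.2): both fall into group [1,2) and
    # the queue does not order within a group.
    print(demo())
```

The interesting output is the relative order of "b" and "d": a binary heap would return "d" first, while this structure returns them in arrival order because both land in the same resolution group. Choosing narrower groups (larger r) buys back ordering accuracy at the cost of the O(log r) insert.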
-
High Speed Elephant Flow Detection Under Partial Information
Authors:
Jordi Ros-Giralt,
Alan Commike,
Sourav Maji,
Malathi Veeraraghavan
Abstract:
In this paper we introduce a new framework to detect elephant flows at very high speed rates and under uncertainty. The framework provides exact mathematical formulas to compute the detection likelihood and introduces a new flow reconstruction lemma under partial information. These theoretical results lead to the design of BubbleCache, a new elephant flow detection algorithm designed to operate near the optimal tradeoff between computational scalability and accuracy by dynamically tracking the traffic's natural cutoff sampling rate. We demonstrate on a real world 100 Gbps network that the BubbleCache algorithm helps reduce the computational cost by a factor of 1000 and the memory requirements by a factor of 100 while detecting the top flows on the network with very high probability.
Submitted 28 September, 2018; v1 submitted 6 January, 2017;
originally announced January 2017.
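The abstract refers to exact formulas for the detection likelihood under sampling and to a traffic-dependent cutoff sampling rate. As an added illustration of that kind of calculation (not the paper's formulas and not the BubbleCache algorithm), the following uses a deliberately simple model of my own: every packet is kept independently with probability `sample_rate`, and a flow counts as detected once at least `min_samples` of its packets are seen. The flow table `FLOWS` and all thresholds are constructed for the example.

```python
from math import comb


def detection_probability(flow_packets, sample_rate, min_samples=1):
    """P(at least min_samples of the flow's packets are sampled) when each
    packet is kept independently with probability sample_rate (Binomial
    tail).  This independent-sampling model is the example's assumption."""
    if not 0.0 <= sample_rate <= 1.0:
        raise ValueError("sample_rate must lie in [0, 1]")
    if flow_packets < 0 or min_samples < 1:
        raise ValueError("flow_packets must be >= 0 and min_samples >= 1")
    p, n = sample_rate, flow_packets
    # Sum the probabilities of seeing fewer than min_samples packets; a flow
    # can never contribute more samples than it has packets.
    missed = sum(comb(n, i) * p ** i * (1.0 - p) ** (n - i)
                 for i in range(min(min_samples, n + 1)))
    return 1.0 - missed


def cutoff_rate(flow_packets, min_samples, target, iterations=60):
    """Smallest sampling rate at which a flow of the given size is detected
    with probability >= target.  Detection probability is monotone in the
    rate, so a bisection on [0, 1] suffices."""
    lo, hi = 0.0, 1.0
    for _ in range(iterations):
        mid = (lo + hi) / 2
        if detection_probability(flow_packets, mid, min_samples) >= target:
            hi = mid
        else:
            lo = mid
    return hi


def flows_detected(flows, sample_rate, min_samples, target):
    """Names of flows whose detection probability is at least target."""
    return sorted(name for name, pkts in flows.items()
                  if detection_probability(pkts, sample_rate, min_samples) >= target)


# Constructed flow table: packets per flow in one measurement window.
FLOWS = {"elephant": 100_000, "medium": 5_000, "mouse": 50}


def demo(sample_rate=1e-3, min_samples=3, target=0.95):
    """Per-flow detection probabilities at the given rate, and the flows that
    clear the target.  Returns (probabilities, detected_names)."""
    probs = {name: round(detection_probability(pkts, sample_rate, min_samples), 4)
             for name, pkts in FLOWS.items()}
    return probs, flows_detected(FLOWS, sample_rate, min_samples, target)


if __name__ == "__main__":
    probs, detected = demo()
    print("detection probabilities at 1/1000 sampling:", probs)
    print("flows detected with >= 95% confidence:", detected)
    # How far the rate can drop while still catching the largest flow.
    print("cutoff rate for the elephant at 99%:", cutoff_rate(100_000, 3, 0.99))
```

At a sampling rate of one packet in a thousand the 100k-packet flow is detected almost surely, the 5k-packet flow only about 87% of the time, and the 50-packet flow essentially never; the bisection in `cutoff_rate` then shows that the largest flow alone could be caught at roughly a tenth of that rate. That gap between the rate a top flow needs and the rate a mid-sized flow needs is the scalability/accuracy trade-off the abstract describes, in a toy setting.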