panda_guard.role.attacks.gptfuzzer_attack package

Subpackages

• panda_guard.role.attacks.gptfuzzer_attack.fuzzer package
  • Submodules
  • panda_guard.role.attacks.gptfuzzer_attack.fuzzer.core module
    • GPTFuzzer
      • GPTFuzzer.evaluate()
      • GPTFuzzer.is_stop()
      • GPTFuzzer.log()
      • GPTFuzzer.run()
      • GPTFuzzer.setup()
      • GPTFuzzer.update()
    • PromptNode
      • PromptNode.index
      • PromptNode.num_jailbreak
      • PromptNode.num_query
      • PromptNode.num_reject
  • panda_guard.role.attacks.gptfuzzer_attack.fuzzer.mutator module
    • MutatePolicy
      • MutatePolicy.fuzzer
      • MutatePolicy.mutate_batch()
      • MutatePolicy.mutate_single()
    • MutateRandomSinglePolicy
      • MutateRandomSinglePolicy.mutate_single()
    • Mutator
      • Mutator.mutate_single()
    • OpenAIMutatorBase
      • OpenAIMutatorBase.mutate_single()
    • OpenAIMutatorCrossOver
      • OpenAIMutatorCrossOver.cross_over()
      • OpenAIMutatorCrossOver.mutate_single()
    • OpenAIMutatorExpand
      • OpenAIMutatorExpand.expand()
      • OpenAIMutatorExpand.mutate_single()
    • OpenAIMutatorGenerateSimilar
      • OpenAIMutatorGenerateSimilar.generate_similar()
      • OpenAIMutatorGenerateSimilar.mutate_single()
    • OpenAIMutatorRephrase
      • OpenAIMutatorRephrase.mutate_single()
      • OpenAIMutatorRephrase.rephrase()
    • OpenAIMutatorShorten
      • OpenAIMutatorShorten.mutate_single()
      • OpenAIMutatorShorten.shorten()
  • panda_guard.role.attacks.gptfuzzer_attack.fuzzer.selection module
    • EXP3SelectPolicy
      • EXP3SelectPolicy.select()
      • EXP3SelectPolicy.update()
    • MCTSExploreSelectPolicy
      • MCTSExploreSelectPolicy.select()
      • MCTSExploreSelectPolicy.update()
    • RandomSelectPolicy
      • RandomSelectPolicy.select()
    • RoundRobinSelectPolicy
      • RoundRobinSelectPolicy.select()
      • RoundRobinSelectPolicy.update()
    • SelectPolicy
      • SelectPolicy.select()
      • SelectPolicy.update()
    • UCBSelectPolicy
      • UCBSelectPolicy.select()
      • UCBSelectPolicy.update()
  • Module contents
• panda_guard.role.attacks.gptfuzzer_attack.utils package
  • Submodules
  • panda_guard.role.attacks.gptfuzzer_attack.utils.predict module
    • Predictor
      • Predictor.predict()
    • RoBERTaPredictor
      • RoBERTaPredictor.predict()
  • panda_guard.role.attacks.gptfuzzer_attack.utils.template module
    • synthesis_message()
  • Module contents

Submodules

panda_guard.role.attacks.gptfuzzer_attack.gptfuzz module

class panda_guard.role.attacks.gptfuzzer_attack.gptfuzz.GPTFuzzAttacker(config: GPTFuzzAttackerConfig)

Bases: BaseAttacker

GPTFuzz Attacker Implementation that substitutes the user message with a pre-formulated attack prompt.

Reference: Yu J, Lin X, Yu Z, et al. Gptfuzzer: Red teaming large language models with auto-generated jailbreak prompts[J]. arXiv preprint arXiv:2309.10253, 2023.

Parameters:

config – Configuration for the GPTFuzzAttacker.

attack(messages: List[Dict[str, str]], **kwargs) → List[Dict[str, str]]

Execute an attack by transferring a reformulated request into the conversation.

Parameters:

• messages – List of messages in the conversation.

• kwargs – Additional parameters for the attack, must include “request_reformulated”.

Returns:

Prompts containing harmful attacks on the target, is of the form “role: user, content: xx”.

class panda_guard.role.attacks.gptfuzzer_attack.gptfuzz.GPTFuzzAttackerConfig(attacker_cls: str = 'GPTFuzzAttacker', attacker_name: str | None = None, attacker_llm_config: ~panda_guard.llms.base.BaseLLMConfig = <factory>, attacker_llm_gen_config: ~panda_guard.llms.base.LLMGenerateConfig | None = None, target_llm_config: ~panda_guard.llms.base.BaseLLMConfig = <factory>, target_llm_gen_config: ~panda_guard.llms.base.LLMGenerateConfig | None = None, initial_seed: list | None = None, predict_model: str | None = None)

Bases: BaseAttackerConfig

Configuration for the GPTFuzz Attacker.

Parameters:

• attacker_cls – Class of the attacker, default is “TransferAttacker”.

• attacker_name – Name of the attacker.

• attacker_llm_config – Configuration of attacker llm.

• attacker_llm_gen_config – Generation configuration for the attacker’s LLM.

• target_llm_config – Configuration of target llm.

• target_llm_gen_config – Generation configuration for the attacker’s LLM.

• initial_seed – initial seed.

• predict_model – A model for determining whether a jailbreak attack has succeeded, with an output of 0 or 1.

attacker_cls: str = 'GPTFuzzAttacker'

attacker_llm_config: BaseLLMConfig

attacker_llm_gen_config: LLMGenerateConfig = None

attacker_name: str = None

initial_seed: list = None

predict_model: str = None

target_llm_config: BaseLLMConfig

target_llm_gen_config: LLMGenerateConfig = None

Module contents