SALAD-Bench: A Hierarchical and Comprehensive Safety Benchmark for Large Language Models (2402.05044v4)

Abstract: In the rapidly evolving landscape of LLMs, ensuring robust safety measures is paramount. To meet this crucial need, we propose \emph{SALAD-Bench}, a safety benchmark specifically designed for evaluating LLMs, attack, and defense methods. Distinguished by its breadth, SALAD-Bench transcends conventional benchmarks through its large scale, rich diversity, intricate taxonomy spanning three levels, and versatile functionalities.SALAD-Bench is crafted with a meticulous array of questions, from standard queries to complex ones enriched with attack, defense modifications and multiple-choice. To effectively manage the inherent complexity, we introduce an innovative evaluators: the LLM-based MD-Judge for QA pairs with a particular focus on attack-enhanced queries, ensuring a seamless, and reliable evaluation. Above components extend SALAD-Bench from standard LLM safety evaluation to both LLM attack and defense methods evaluation, ensuring the joint-purpose utility. Our extensive experiments shed light on the resilience of LLMs against emerging threats and the efficacy of contemporary defense tactics. Data and evaluator are released under https://github.com/OpenSafetyLab/SALAD-BENCH.

• The paper introduces SALAD-Bench, a hierarchical safety benchmark assessing LLMs across 6 domains, 16 tasks, and 65 categories.
• It employs innovative data collection and question enhancement techniques to simulate adversarial and defense scenarios for robust evaluation.
• Experimental results reveal varied LLM resilience, highlighting the need for improved safety mechanisms against evolving threats.

Comprehensive Evaluation of LLM Safety with SALAD-Bench

Introduction to SALAD-Bench

SALAD-Bench emerges as a sophisticated safety benchmark tailored for the rigorous evaluation of LLMs, encompassing both their inherent safety features and resilience against adversarial attacks. Distinct in its hierarchical structure, SALAD-Bench is meticulously designed to span an intricate taxonomy across three levels: domains, tasks, and categories, encompassing a total of 6 domains, 16 tasks, and 65 categories. This structure facilitates a granular analysis of LLM safety, enabling insights into specific safety vulnerabilities.

Hierarchical Taxonomy and Dataset Construction

SALAD-Bench's hierarchical taxonomy addresses the multifaceted nature of safety in LLMs. Domains such as Representation & Toxicity, Information & Safety, and Malicious Use are dissected into specific tasks and further into detailed categories such as hate speech, misinformation harms, and illegal activities. To populate this comprehensive taxonomy, an elaborate data collection process was undertaken, leveraging both publicly available datasets and newly generated questions. Specifically, questions were both curated from existing benchmarks and generated using fine-tuned versions of LLMs, ensuring a rich and diversified dataset. The gathered data underwent rigorous cleaning, deduplication, and labeling processes, employing innovative LLM-based techniques for efficient and accurate taxonomy classification.

Question Enhancement for Advanced Safety Evaluation

Acknowledging the evolving sophistication of potential malicious use, SALAD-Bench introduces an innovative question enhancement approach. This approach generates attack-enhanced, defense-enhanced, and multiple-choice questions, markedly elevating the benchmark’s evaluation capacity. The attack-enhanced subset specifically aims to test LLM robustness against sophisticated adversarial tactics, while the defense-enhanced subset assesses the efficacy of defense methods. Moreover, the inclusion of a multiple-choice question subset adds an additional layer of complexity, challenging LLMs to discern between safe and unsafe responses accurately.

LLM Evaluation with MD-Judge and MCQ-Judge

The evaluation framework of SALAD-Bench is powered by two novel evaluators: MD-Judge and MCQ-Judge. MD-Judge, an LLM-based evaluator, is finely tuned for assessing question-answer pairs, particularly under the context of enhanced questions, ensuring a nuanced evaluation of safety metrics. Meanwhile, MCQ-Judge employs pattern recognition and in-context learning to evaluate multiple-choice questions efficiently, bolstering the benchmark's utility in assessing LLM safety comprehensively.

Insights from Experimental Evaluations

Experimental evaluations conducted using SALAD-Bench reveal significant insights into the current state of LLM safety and defense mechanisms. The tested LLMs displayed varied resilience against the enhanced questions, with some models demonstrating robust safety features while others exhibited vulnerabilities. These evaluations underscore the imperative need for continued advancements in LLM safety features and the development of more sophisticated defense mechanisms to safeguard against evolving threats.

Concluding Remarks and Future Directions

SALAD-Bench stands out as a pioneering benchmark in the LLM safety evaluation landscape, offering a multifaceted and hierarchical approach to assessing LLM vulnerabilities and defense capabilities. The insights gleaned from evaluations using SALAD-Bench not only highlight the current achievements in LLM safety but also underscore the ongoing challenges and the need for continued research and development in this critical area. As the landscape of generative AI and LLMs continues to evolve, benchmarks like SALAD-Bench will be pivotal in guiding the progression towards safer and more reliable LLM technologies.