Harder to Defend: Towards Chinese Toxicity Attacks via Implicit Enhancement and Obfuscation Rewriting
Summary
The Chinese Implicit Toxicity Attack (CITA) framework is introduced as a controlled red-team evaluation and defense-data generation tool, specifically addressing underexplored toxicity in Chinese LLMs. This framework operates in three stages: Harmful Intent Learning, Implicit Toxicity Enhancement, and Obfuscation Variant Rewriting, designed to preserve harmful intent while increasing implicitness and adding controlled surface variants. Evaluations on CITA-generated samples revealed that seven tested detectors exhibited an average Attack Success Rate (ASR) of 69.48% for missed detections. Human assessments confirmed the samples maintained harmfulness and increased implicitness and evasiveness. Furthermore, fine-tuning a Chinese Implicit Toxicity Defense (CITD) model with CITA-generated data demonstrated improved robustness, highlighting the value of such controlled red-teaming for enhancing defense mechanisms.
Key takeaway
For NLP Engineers or AI Security Engineers deploying Chinese toxicity detection systems, you must recognize that current models are highly vulnerable to implicit and obfuscated attacks. Your evaluation protocols should integrate controlled red-teaming frameworks like CITA to generate diverse adversarial data. This approach will expose critical missed-detection risks and enable you to fine-tune defense models for significantly improved robustness against sophisticated Chinese toxic content.
Key insights
Chinese toxicity detection must account for both semantic indirectness and surface obfuscation, which current detectors frequently miss.
Principles
- Toxicity evaluation requires robustness beyond explicit wording.
- Controlled red-teaming is crucial for generating effective defense data.
- Semantic indirectness and surface obfuscation are distinct yet complementary stressors.
Method
The CITA framework generates implicit and obfuscated Chinese toxic samples through Harmful Intent Learning, Implicit Toxicity Enhancement using reinforcement learning, and Obfuscation Variant Rewriting.
In practice
- Use controlled red-team frameworks to audit toxicity detectors.
- Fine-tune defense models with generative adversarial data.
Topics
- Chinese Toxicity Detection
- Large Language Models
- Red Teaming
- Implicit Toxicity
- Obfuscation Rewriting
- Content Moderation
Code references
Best for: Research Scientist, AI Scientist, NLP Engineer, AI Security Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by cs.CL updates on arXiv.org.