Detecção de Prompt Injection em modelos de Linguagem

• Júlia Jamile Oliveira Gonçalves ^[1] ; Thiago Lotufo ^[1] ; Georges Daniel Amvame Nze ^[1] ; Fábio Lopes de Mendonça ^[1]
  1. [1] Universidade Federal de Brasília, Programa de Pós-Graduação profissional em Engenharia Elétrica, 70910- 900, Brasília, Brasil
• Localización: RISTI: Revista Ibérica de Sistemas e Tecnologias de Informação, ISSN-e 1646-9895, Nº. Extra 77, 2025, págs. 104-116
• Idioma: portugués
• Títulos paralelos:
  • Prompt Injection Detection in Language Models
• Enlaces
  • Texto completo (pdf)
• Resumen
  • English

    Large Language Models (LLMs) are widely used in industry and academia for various tasks, such as virtual assistants and process automation.

    However, these technologies present security vulnerabilities, such as Prompt Injection attacks, which can compromise the integrity and reliability of the models.

    This study proposes a machine learning-based approach to detect Prompt Injection attacks and compares its effectiveness with traditional models. Experiments were conducted using models like BERT, CountVectorizer, and TfidfVectorizer, demonstrating that Oversampling techniques enhance the detection of these threats.

  • português

    Os Modelos de Linguagem de Grande Escala (LLMs) são amplamente utilizados na indústria e na academia para tarefas diversas, como assistentes virtuais e automação de processos. No entanto, essas tecnologias apresentam vulnerabilidades de segurança, como ataques de Prompt Injection, que podem comprometer a integridade e confiabilidade dos modelos. Este estudo propõe uma abordagem baseada em aprendizado de máquina para detectar ataques de Prompt Injection e comparar sua eficácia com modelos tradicionais. Experimentos foram conduzidos utilizando modelos como BERT, CountVectorizer e TfidfVectorizer, demonstrando que técnicas de Oversampling aprimoram a detecção dessas ameaças.

• Referencias bibliográficas
  • Agarwal, A., Vats, S., Agarwal, R., Ratra, A., Sharma, V., & Gopal, L. (2023). Sentiment Analysis in Stock Price Prediction: A Comparative...
  • Das, R., Kadam, S., Kalra, C., Nayak, V., & Govilkar, Dr. S. (2018). SARCASM DETECTION FOR ENGLISH TEXT (p. 66). Journal of Computer Engineering,...
  • El, M., Tarek Abd El-Hafeez, Ahmed, O., & Hamed, E. (2023). A Prediction System Using AI Techniques to Predict Students’ Learning Difficulties...
  • Felix, M. (2024). Manipulando o ChatGPT para entregar informações sensíveis via prompt injection. Medium. https://medium.com/@binaryfelix/manipulandoo-chatgpt-para-entregar-informa%C3%A7%C3%B5es-sens%C3%ADveis-viaprompt-injection-6be7d3b63ab1
  • Google Gemini. (2023). Build with the Gemini API. Google AI for Developers. https://ai.google.dev/
  • Harelix. (2023). train.csv · Harelix/Prompt-Injection-Mixed-Techniques-2024 at main. Huggingface.co. https://huggingface.co/datasets/Harelix/Prompt-InjectionMixed-Techniques-2024/blob/main/train.csv
  • Hines, K., Lopez, G., Hall, M., Zarfati, F., Zunger, Y., & Kiciman, E. (2024). Defending Against Indirect Prompt Injection Attacks With...
  • Hung, K.-H., Ko, C.-Y., Rawat, A., Chung, I-Hsin., Hsu, W. H., & Chen, P.-Y. (2024). Attention Tracker: Detecting Prompt Injection Attacks...
  • Jaziri, C. (2024). Malicious_and_Benign_Dataset. Kaggle.com. https://www.kaggle. com/datasets/chaimajaziri/malicious-and-benign-dataset
  • Kokkula, S., & Divya, G. (2024). Palisade -- Prompt Injection Detection Framework. ArXiv.org. https://arxiv.org/abs/2410.21146
  • Kosinsky, M., & Forrest, A. (2024, March 26). What is a prompt injection attack? Ibm. com. https://www.ibm.com/think/topics/prompt-injection
  • Lima, M. de. (2022). 6 passos Para Criar Seu Primeiro Projeto de Machine Learning. Insightlab.ufc.br; Insight Data Science Lab. https://www.insightlab.ufc.br/6- passos-para-criar-seu-primeiro-projeto-de-machine-learning/
  • Llama. (2024). Llamaapi.com. https://console.llamaapi.com/
  • Mccallum, A., & Nigam, K. (1998). A comparison of event models for naive bayes text classification. http://yangli-feasibility.com/home/classes/lfd2022fall/media/ aaaiws98.pdf
  • Mitreva, E., Georgiev, V., & Nikolova, A. (2024). Classification of Short Noisy Text. Proceedings of the International Conference on Computer...
  • Mumtarin, M., Chowdhury, M. S., & Wood, J. (2023). Large Language Models in Analyzing Crash Narratives -- A Comparative Study of ChatGPT,...
  • OpenAI. (2021). OpenAI API. OpenAI. https://openai.com/api/
  • OWASP LLM Project. (2024). OWASP Top 10 for LLM Applications 2025 - OWASP Top 10 for LLM & Generative AI Security. OWASP Top 10 for LLM...
  • Palomino-Flores, P., & Cristi-López, R. (2024). Del código a la creatividad: Explorando los horizontes éticos de la creación de contenido...
  • Rahman, M. A., Shahriar, H., Wu, F., & Cuzzocrea, A. (2024). Applying Pre-trained Multilingual BERT in Embeddings for Improved Malicious...
  • Ramos, J. (2003). Using TF-IDF to Determine Word Relevance in Document Queries. https://citeseerx.ist.psu.edu/document? repid = rep1&type...
  • Souza, F. R. (2023). Simulação de diálogos e personagens no Chat-GPT4: análise comparativa do desempenho em idiomas inglês e português. In...
  • Vaj, T. (2023). Let’s code K-fold validation on BERT. Medium. https://vtiya.medium. com/lets-code-k-fold-validation-on-bert-722f9438f932
  • Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A. N., Kaiser, Ł., & Polosukhin, I. (2017). Attention is All you...
  • Yao, H., Lou, J., & Qin, Z. (2024). PoisonPrompt: Backdoor Attack on Prompt-Based Large Language Models. IEEE International Conference...
  • Yao, H., Lou, J., Qin, Z., & Ren, K. (2024). PromptCARE: Prompt Copyright Protection by Watermark Injection and Verification. 2024 IEEE...
  • Zhang, W., Kong, X., Dewitt, C., Braunl, T., & Hong, J. B. (2024). A Study on Prompt Injection Attack Against LLM-Integrated Mobile Robotic...