five

A Prompt Injection Attack Dataset and Prompt Collection for Evaluating Defense-in-Depth Security in LLM-Based Systems

收藏
Zenodo2026-04-14 更新2026-05-26 收录
下载链接:
https://zenodo.org/doi/10.5281/zenodo.19570952
下载链接
链接失效反馈
官方服务:
资源简介:
This repository provides the dataset and prompt collection used in the study titled “A Defense-in-Depth Approach to Mitigating Prompt Injection in LLM-Based Systems.” The materials are designed to support reproducibility and transparency of the experimental evaluation conducted in the study. The repository consists of two main components: 1. Prompt Injection Attack Dataset The dataset is provided in the file dataset.docx and contains a curated set of prompt injection attack instances. The dataset is systematically structured and categorized to represent commonly observed attack types in LLM-based systems. The dataset includes the following five categories: Instruction OverridePrompts attempting to override or ignore system-level instructions. Role ManipulationPrompts designed to force the model into unauthorized or privileged roles. System Prompt LeakagePrompts aiming to extract hidden system or developer-defined instructions. Data Exfiltration AttemptsPrompts targeting the disclosure of sensitive or restricted information. Indirect InjectionContext-based attacks where malicious instructions are embedded within external or retrieved content. Each category contains a balanced number of samples to ensure fair and controlled experimental comparisons across attack types. 2. Prompt Collection for System Design The file prompt_article.docx contains all prompts used in the system design and experimental evaluation. This includes: Input prompts used in attack scenarios System prompts defining model behavior Policy enforcement prompts Retrieval-related prompts (for RAG scenarios) Output validation and guardrail prompts These prompts collectively represent the operational configuration of the evaluated LLM-based system and enable reproducibility of the experimental setup. Purpose and Usage The dataset and prompt collection are intended for: Evaluating prompt injection attacks in LLM-based systems Benchmarking security mechanisms such as defense-in-depth architectures Supporting research on LLM security, prompt engineering, and adversarial robustness Reproducing the experimental results reported in the associated study Researchers can use this dataset to analyze attack behavior, test defense strategies, or extend the experimental framework to different models and architectures. Reproducibility All experiments in the associated study were conducted using the provided prompts and dataset under controlled conditions. The materials included in this repository allow other researchers to replicate the experimental scenarios and validate the reported findings. Notes The dataset is synthetically constructed based on patterns and attack strategies reported in the literature. The prompts are designed for research purposes and do not reflect real user data. No sensitive or personal data is included in this repository.

本仓库提供了题为《面向缓解大语言模型(LLM)系统中提示词注入攻击的纵深防御方法》的研究中所用的数据集与提示词合集。本材料旨在支撑该研究中实验评估的可复现性与透明度。 本仓库包含两大核心组成部分: 1. 提示词注入攻击(Prompt Injection Attack)数据集 该数据集存储于dataset.docx文件中,包含经过精心甄选的提示词注入攻击实例。数据集采用系统化结构并完成分类,以覆盖大语言模型系统中常见的各类攻击场景。 该数据集包含以下五大分类: - 指令覆盖(Instruction Override):旨在覆盖或忽略系统级指令的提示词。 - 角色操控(Role Manipulation):旨在迫使模型进入未授权或特权角色的提示词。 - 系统提示词泄露(System Prompt Leakage):旨在提取隐藏的系统或开发者自定义指令的提示词。 - 数据外泄尝试(Data Exfiltration Attempts):旨在泄露敏感或受限信息的提示词。 - 间接注入(Indirect Injection):基于上下文的攻击手法,将恶意指令嵌入外部内容或检索得到的内容中。 每个分类均包含均衡数量的样本,以确保不同攻击类型间的实验对比公平且可控。 2. 系统设计用提示词合集 文件prompt_article.docx中收录了系统设计与实验评估过程中使用的全部提示词。 具体包含: - 攻击场景中使用的输入提示词 - 定义模型行为的系统提示词 - 策略强制执行提示词 - 检索相关提示词(适用于检索增强生成(RAG)场景) - 输出验证与安全护栏提示词 上述提示词共同构成了所评估的大语言模型系统的运行配置,可实现实验设置的完整复现。 用途与适用场景 本数据集与提示词合集可用于以下场景: - 评估大语言模型系统中的提示词注入攻击 - 对纵深防御架构等安全机制开展基准测试 - 支撑大语言模型安全、提示词工程与对抗鲁棒性领域的研究 - 复现关联研究中报告的实验结果 研究人员可借助本数据集分析攻击行为、测试防御策略,或将实验框架拓展至不同模型与架构场景。 可复现性 关联研究中的所有实验均在受控条件下,使用本仓库提供的提示词与数据集完成。本仓库收录的材料可帮助其他研究人员复现实验场景并验证所报告的研究发现。 注意事项 - 本数据集基于已发表文献中报道的攻击模式与策略合成构建。 - 本提示词仅用于研究目的,不代表真实用户数据。 - 本仓库未包含任何敏感或个人数据。
提供机构:
Zenodo
创建时间:
2026-04-14
二维码
社区交流群
二维码
科研交流群
商业服务