Beyond Surface-Level Detection: Towards Cognitive-Driven Defense Against Jailbreak Attacks via Meta-Operations Reasoning

Defending large language models (LLMs) against jailbreak attacks is essential for their safe and reliable deployment. Existing defenses often rely on shallow pattern matching, which struggles to generalize to novel and unseen attack strategies. To address this challenge, we propose the Cognitive-Driven Defense (CDD) framework, which targets the underlying structure of jailbreak prompts by applying meta-operations, defined as basic manipulations that conceal harmful intent.CDD emulates human cognitive reasoning through a structured reasoning chain. It begins with a global perception of the prompt and follows with a localized analysis to uncover hidden manipulations. By applying supervised fine-tuning on this structured chain, the model learns to identify and reason about known manipulation patterns. To enhance generalization to unseen threats, an entropy-guided reinforcement learning algorithm (EG-GRPO) is introduced to encourage exploration of new types and variants of meta-operations. Experiments demonstrate that CDD can achieve state-of-the-art defense performance and exhibit strong generalization to unseen jailbreak attacks.

Key Contributions

• Meta-operations framework that decomposes diverse jailbreak prompts into a finite set of fundamental manipulation primitives, grounded in Interpersonal Deception Theory and analysis of 13 representative jailbreak techniques
• Two-stage training paradigm (SFT for shallow cognition + RL for deep cognition) that teaches the model to reason progressively from global prompt semantics to localized obfuscation patterns
• EG-GRPO: an entropy-guided GRPO reinforcement learning algorithm that drives exploration of novel and unseen meta-operation variants, enabling generalization beyond training-time attack patterns

🛡️ Threat Analysis

Details

Similar Papers