While the integration of large language models (LLMs) drives intelligent automation, their endogenous vulnerability to complex adversarial prompts engenders critical security threats. To address the limitations of existing defenses relying on prohibitive fine-tuning or lagging text matching, this paper proposes Contrastive Distribution Discriminator Guard (CDD-Guard), a training-free endogenous monitoring framework. CDD-Guard pioneers mapping a latent bipolar semantic axis to geometrically separate benign and malicious representations. To mitigate structural noise, it introduces an adaptive layer filtering mechanism driven by statistical effect size, while a cross-layer projection normalization mechanism utilizes Z-Scores to isolate statistical anomalies from thematic variances. Evaluations across heterogeneous LLMs demonstrate superior detection efficacy. Crucially, by directly reusing hidden states generated during a single forward pass, CDD-Guard circumvents the autoregressive generation overhead of external monitors, reducing computational monitoring latency by over 99%. Operating strictly under the constraint of preserving original weights, this framework achieves substantial improvements in attack interception rates and cross-model generalization, providing a lightweight yet robust contribution to LLM security.
Gong et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: