{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T05:41:48Z","timestamp":1777354908740,"version":"3.51.4"},"reference-count":54,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"National NSF of China","award":["62302176"],"award-info":[{"award-number":["62302176"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2026]]},"DOI":"10.1109\/tifs.2026.3683279","type":"journal-article","created":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T19:35:39Z","timestamp":1776108939000},"page":"4074-4089","source":"Crossref","is-referenced-by-count":0,"title":["Exposing the Ghost in the Transformer: Abnormal Detection for Large Language Models via Hidden State Forensics"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0009-0003-7891-8946","authenticated-orcid":false,"given":"Shide","family":"Zhou","sequence":"first","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3977-6573","authenticated-orcid":false,"given":"Kailong","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2023-0247","authenticated-orcid":false,"given":"Ling","family":"Shi","sequence":"additional","affiliation":[{"name":"Nanyang Technological University, Nanyang, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1100-8633","authenticated-orcid":false,"given":"Haoyu","family":"Wang","sequence":"additional","affiliation":[{"name":"Huazhong University of Science and Technology, Wuhan, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3417058"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1145\/3616855.3635739"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/3604237.3626869"},{"key":"ref4","article-title":"When LLMs meet cybersecurity: A systematic literature review","author":"Zhang","year":"2024","journal-title":"arXiv:2405.03644"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/3703155"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.findings-acl.443"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1038\/s41586-024-07421-0"},{"key":"ref8","article-title":"Baseline defenses for adversarial attacks against aligned language models","author":"Jain","year":"2023","journal-title":"arXiv:2309.00614"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670388"},{"key":"ref10","article-title":"A systematic review of poisoning attacks against large language models","author":"Fendley","year":"2025","journal-title":"arXiv:2506.06518"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1093\/jla\/laae003"},{"key":"ref12","article-title":"Improving reliability and explainability of medical question answering through atomic fact checking in retrieval-augmented LLMs","author":"Vladika","year":"2025","journal-title":"arXiv:2505.24830"},{"key":"ref13","article-title":"Understanding the effectiveness of coverage criteria for large language models: A special angle from jailbreak attacks","author":"Zhou","year":"2024","journal-title":"arXiv:2408.15207"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3132747.3132785"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3238147.3238202"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2015.7081877"},{"key":"ref17","article-title":"LLaMA: Open and efficient foundation language models","author":"Touvron","year":"2023","journal-title":"arXiv:2302.13971"},{"key":"ref18","volume-title":"Llama 3 Model Card","year":"2024"},{"key":"ref19","article-title":"Gemma: Open models based on Gemini research and technology","author":"Team","year":"2024","journal-title":"arXiv:2403.08295"},{"key":"ref20","article-title":"Instruction tuning with GPT-4","author":"Peng","year":"2023","journal-title":"arXiv:2304.03277"},{"key":"ref21","article-title":"JailBreakV: A benchmark for assessing the robustness of MultiModal large language models against jailbreak attacks","author":"Luo","year":"2024","journal-title":"arXiv:2404.03027"},{"key":"ref22","article-title":"Universal and transferable adversarial attacks on aligned language models","author":"Zou","year":"2023","journal-title":"arXiv:2307.15043"},{"key":"ref23","article-title":"COLD-attack: Jailbreaking LLMs with stealthiness and controllability","author":"Guo","year":"2024","journal-title":"arXiv:2402.08679"},{"key":"ref24","article-title":"Jailbreaking leading safety-aligned LLMs with simple adaptive attacks","author":"Andriushchenko","year":"2024","journal-title":"arXiv:2404.02151"},{"key":"ref25","article-title":"TruthfulQA: Measuring how models mimic human falsehoods","author":"Lin","year":"2021","journal-title":"arXiv:2109.07958"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.emnlp-main.397"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/3689776"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/W17-4413"},{"key":"ref29","article-title":"BackdoorLLM: A comprehensive benchmark for backdoor attacks and defenses on large language models","author":"Li","year":"2024","journal-title":"arXiv:2408.12798"},{"key":"ref30","article-title":"BadNets: Identifying vulnerabilities in the machine learning model supply chain","author":"Gu","year":"2017","journal-title":"arXiv:1708.06733"},{"key":"ref31","first-page":"6065","article-title":"Backdooring instruction-tuned large language models with virtual prompt injection","volume-title":"Proc. Conf. North Amer. Chapter Assoc. Comput. Linguistics, Hum. Lang. Technol.","author":"Yan"},{"key":"ref32","first-page":"507","article-title":"GradSafe: Detecting jailbreak prompts for LLMs via safety-critical gradient analysis","volume-title":"Proc. 62nd Annu. Meeting Assoc. Comput. Linguistics","author":"Xie"},{"key":"ref33","article-title":"Lynx: An open source hallucination evaluation model","author":"Ravi","year":"2024","journal-title":"arXiv:2407.08488"},{"key":"ref34","article-title":"ONION: A simple and effective defense against textual backdoor attacks","author":"Qi","year":"2020","journal-title":"arXiv:2011.10369"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00153"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE48619.2023.00107"},{"key":"ref37","volume-title":"Exposing the Ghost in the Transformer: Abnormal Detection for Large Language Models via Hidden State Forensics","year":"2026"},{"key":"ref38","article-title":"Do LLMs know about hallucination? An empirical investigation of LLM\u2019s hidden states","author":"Duan","year":"2024","journal-title":"arXiv:2402.09733"},{"key":"ref39","doi-asserted-by":"crossref","DOI":"10.14722\/ndss.2024.24188","article-title":"MASTERKEY: Automated jailbreaking of large language model chatbots","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Deng"},{"key":"ref40","article-title":"Wildteaming at scale: From in-the-wild jailbreaks to (adversarially) safer language models","author":"Jiang","year":"2024","journal-title":"arXiv:2406.18510"},{"key":"ref41","article-title":"Gradient cuff: Detecting jailbreak attacks on large language models by exploring refusal loss landscapes","author":"Hu","year":"2024","journal-title":"arXiv:2403.00867"},{"key":"ref42","article-title":"Llama guard: LLM-based input\u2013output safeguard for human-ai conversations","author":"Inan","year":"2023","journal-title":"arXiv:2312.06674"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2023.findings-emnlp.68"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.blackboxnlp-1.6"},{"key":"ref45","article-title":"In-context sharpness as alerts: An inner representation perspective for hallucination mitigation","author":"Chen","year":"2024","journal-title":"arXiv:2403.01548"},{"key":"ref46","first-page":"5186","article-title":"Quantifying uncertainty in answers from any language model and enhancing their trustworthiness","volume-title":"Proc. 62nd Annu. Meeting Assoc. Comput. Linguistics","author":"Chen"},{"key":"ref47","first-page":"1946","article-title":"Self-alignment for factuality: Mitigating hallucinations in LLMs via self-evaluation","volume-title":"Proc. 62nd Annu. Meeting Assoc. Comput. Linguistics","author":"Zhang"},{"key":"ref48","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2021.102433","article-title":"BDDR: An effective defense against textual backdoor attacks","volume":"110","author":"Shao","year":"2021","journal-title":"Comput. Secur."},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.emnlp-main.659"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2024.3376968"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2024.emnlp-main.514"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2025.findings-acl.401"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/tifs.2025.3586479"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1049\/csy2.12117"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10206\/11313711\/11480194.pdf?arnumber=11480194","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,28]],"date-time":"2026-04-28T04:56:49Z","timestamp":1777352209000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11480194\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"references-count":54,"URL":"https:\/\/doi.org\/10.1109\/tifs.2026.3683279","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]}}}