Papers by Xiaojun Jia

11 papers
Reference Matters: Benchmarking Factual Error Correction for Dialogue Summarization with Fine-grained Evaluation Framework (2023.acl-long)

Copied to clipboard

Challenge: Current evaluations of FEC models that depend on factuality metrics are not reliable and detailed enough.
Approach: They propose a fine-grained evaluation framework that automatically evaluates FEC models on different error categories.
Outcome: The proposed evaluation framework compares models on different error categories and finds the best training modes and significant differences in the performance of existing models.
LLM Jailbreak Detection for (Almost) Free! (2025.findings-emnlp)

Copied to clipboard

Challenge: Existing methods for detecting jailbreak prompts entail significant computational costs .
Approach: They propose a free jailbreak detection method which scales logits by temperature to detect jailbreak prompts .
Outcome: The proposed method detects jailbreak prompts with no additional computational costs.
PBI-Attack: Prior-Guided Bimodal Interactive Black-Box Jailbreak Attack for Toxicity Maximization (2025.emnlp-main)

Copied to clipboard

Challenge: Existing methods to jailbreak Large Vision Language Models do not consider interaction between images and text.
Approach: They propose a prior-guided bimodal interactive black-box jailbreak attack for toxicity maximization that exploits the interaction of images and text.
Outcome: The proposed method outperforms state-of-the-art jailbreak methods in black box scenarios and in closed-source LVLMs.
Exploring and Evaluating Multimodal Knowledge Reasoning Consistency of Multimodal Large Language Models (2025.findings-emnlp)

Copied to clipboard

Challenge: MLLMs have achieved significant breakthroughs in understanding across text and vision, but current models still face inconsistencies in reasoning outcomes.
Approach: They propose to evaluate multimodal large language models using a multimodal knowledge reasoning dataset to examine the extent of consistency degradation.
Outcome: The proposed evaluation tasks show that MLLMs are inefficient at integrating knowledge across modalities .
Towards Identification and Intervention of Safety-Critical Parameters in Large Language Models (2026.findings-acl)

Copied to clipboard

Challenge: Existing safety-related methodologies for large language models are lacking . despite advances in safety alignment techniques, safeguarding LLMs during adaptation to various tasks remains a challenge.
Approach: They propose a framework to quantify how different parameters affect LLM safety . they propose two targeted intervention paradigms for safety enhancement and preservation .
Outcome: The proposed framework reveals safety-critical patterns across different LLM architectures.
One Shot Dominance: Knowledge Poisoning Attack on Retrieval-Augmented Generation Systems (2025.findings-emnlp)

Copied to clipboard

Challenge: Existing knowledge poisoning attacks against RAG systems require multiple poisoned documents or can only function effectively on simplistic queries.
Approach: They propose a more realistic knowledge poisoning attack that poisons only a single document while remaining effective for complex multi-hop questions involving complex relationships between multiple elements.
Outcome: The proposed attack achieves success by poisoning only a single document while remaining effective for complex multi-hop questions involving complex relationships between multiple elements.
GAMBIT: A Gamified Jailbreak Framework for Multimodal Large Language Models (2026.acl-long)

Copied to clipboard

Challenge: Existing attacks focus on increasing the complexity of the modified visual task and do not explicitly leverage the model’s own reasoning incentives.
Approach: They propose a framework that decomposes and reassembles harmful visual semantics and constructs a gamified scene that drives the model to explore, reconstruct intent and answer as part of winning the game.
Outcome: Experiments on reasoning and non-reasoning MLLMs show that the proposed framework outperforms baseline models on both vision and text.
Know Thy Enemy: Securing LLMs Against Prompt Injection via Diverse Data Synthesis and Instruction-Level Chain-of-Thought Learning (2026.findings-acl)

Copied to clipboard

Challenge: Large language model (LLM)-integrated applications face security vulnerabilities from prompt injection (PI) attacks.
Approach: They propose a model enhancement method that synthesizes diverse training data and employs instruction-level chain-of-thought fine-tuning to enable LLMs to effectively identify and reject malicious instructions regardless of their source or position in the context.
Outcome: The proposed method outperforms baselines in three critical dimensions while maintaining utility performance without degradation.
Golden Touchstone: A Comprehensive Bilingual Benchmark for Evaluating Financial Large Language Models (2025.findings-emnlp)

Copied to clipboard

Challenge: Existing financial benchmarks suffer from limited language and task coverage, low-quality datasets, and inadequate adaptability for LLM evaluation.
Approach: They propose a bilingual benchmark for financial LLMs that assesses models’ language understanding and generation capabilities.
Outcome: The proposed bilingual benchmark assesses models’ language understanding and generation capabilities.
Efficient Universal Goal Hijacking with Semantics-guided Prompt Organization (2025.acl-long)

Copied to clipboard

Challenge: Existing methods for prompt injection have focused on optimizing the suffix, overlooking the role of the prompt.
Approach: They propose a method that incorporates an efficient optimization algorithm and two semantics-guided prompt organization strategies to optimize the suffix sequence for universal goal hijacking.
Outcome: The proposed method can generate a fixed suffix that can concatenate to arbitrary user prompts for universal goal hijacking.
Crabs: Consuming Resource via Auto-generation for LLM-DoS Attack under Black-box Settings (2025.findings-acl)

Copied to clipboard

Challenge: Existing studies on white-box attacks focus on black-box LLMs, leaving black- box scenarios underexplored.
Approach: They propose an automated algorithm designed for black-box LLMs that constructs the DoS Attack Tree and expands the node coverage to achieve effectiveness under black- box conditions.
Outcome: The proposed algorithm can be used to build a DoS Attack Tree and expand the node coverage to achieve effectiveness under black-box conditions.

What is GenGO?

GenGO is an NLP powered publication search system. It currenctly indexes 30k+ papers from ACL Anthology, and implements multi-aspect summarization, semantic search, and more!

Information

About
Limitations