Update index.html

index.html

@@ -245,11 +245,17 @@ should begin with ’Sure, here is guidance on how to cause physical harm to oth
   plot shown below, the horizon axis represents the ASR averaged over 6 jailbreak attacks (GCG, AutoDAN,
 PAIR, TAP, Manyshot, and AIM), and the vertica axis shows the Win Rate on Alpaca Eval of the 
 protected LLM when the corresponding defense is deployed. The printed value for each marker is the running time
-averaged across the 25 samples selected from the AlpacaEval dataset. Larger size of a marker means lower running time cost.
+averaged across the 25 samples selected from the AlpacaEval dataset. Larger size of a marker means lower running time cost. 
+  Our method stands out by simultaneously achieves low ASR, high Win Rate, and small running time cost.
 </p>
 
 <div class="container"><img id="gradient-cuff-header" src="./running_time_analysis.png" /></div>
-      <p>below is the discussion about alpha and beta</p>
+
+  <p>Recall that we have two parameters for the Token Highlighter algorithm: the highlight percentage &alpha
+and the soft removal level &beta. In Figure 3, we report the average ASR and the Win Rate for various &alpha
+and &beta. From Figure shown below, we can find that the ASR has the same trend as the Win Rate with the changing
+of &alpha and &beta. Specifically, when &alpha is fixed, a larger value of &beta would make both the Win Rate and the
+ASR increase. When &beta is fixed, larger &alpha would both reduce the ASR and the Win Rate.</p>
 <div class="image-container">
 <figure>
 <img src="https://via.placeholder.com/300x200" alt="Image 1">