Robo-Troj: Attacking LLM-based Task Planners
This work addresses a critical security problem for robot systems using LLM-based planners, highlighting a novel vulnerability that could impact safety in diverse application domains.
The paper tackles the security vulnerabilities of LLM-based task planners in robots by developing Robo-Troj, a multi-trigger backdoor attack that uses unique trigger words to activate malicious behaviors, demonstrating the need for secured systems.
Robots need task planning methods to achieve goals that require more than individual actions. Recently, large language models (LLMs) have demonstrated impressive performance in task planning. LLMs can generate a step-by-step solution using a description of actions and the goal. Despite the successes in LLM-based task planning, there is limited research studying the security aspects of those systems. In this paper, we develop Robo-Troj, the first multi-trigger backdoor attack for LLM-based task planners, which is the main contribution of this work. As a multi-trigger attack, Robo-Troj is trained to accommodate the diversity of robot application domains. For instance, one can use unique trigger words, e.g., "herical", to activate a specific malicious behavior, e.g., cutting hand on a kitchen robot. In addition, we develop an optimization method for selecting the trigger words that are most effective. Through demonstrating the vulnerability of LLM-based planners, we aim to promote the development of secured robot systems.