SHIELD: An Auto-Healing Agentic Defense Framework for LLM Resource Exhaustion Attacks
This addresses the threat of evolving DoS attacks on LLM systems for developers and users, offering an adaptive defense solution.
The paper tackles the problem of LLM resource exhaustion attacks (sponge attacks) by introducing SHIELD, a multi-agent auto-healing defense framework that integrates semantic similarity retrieval, pattern matching, and LLM-based reasoning, achieving high F1 scores across both non-semantic and semantic attacks.
Sponge attacks increasingly threaten LLM systems by inducing excessive computation and DoS. Existing defenses either rely on statistical filters that fail on semantically meaningful attacks or use static LLM-based detectors that struggle to adapt as attack strategies evolve. We introduce SHIELD, a multi-agent, auto-healing defense framework centered on a three-stage Defense Agent that integrates semantic similarity retrieval, pattern matching, and LLM-based reasoning. Two auxiliary agents, a Knowledge Updating Agent and a Prompt Optimization Agent, form a closed self-healing loop, when an attack bypasses detection, the system updates an evolving knowledgebase, and refines defense instructions. Extensive experiments show that SHIELD consistently outperforms perplexity-based and standalone LLM defenses, achieving high F1 scores across both non-semantic and semantic sponge attacks, demonstrating the effectiveness of agentic self-healing against evolving resource-exhaustion threats.