Enhancing Security in Embodied Intelligence: Attack Detection via Constraint Functions
摘要
Embodied Artificial Intelligence (EAI) systems, powered by Large Language Models (LLMs), are increasingly capable of autonomous interaction with the physical world through embodied agents. These embodied agents demonstrate advanced abilities in perception, reasoning, and execution, allowing them to interpret complex language instructions and generalize tasks more effectively. This underscores the potential of LLMs to enhance the cognitive and operational performance of embodied systems. However, integrating LLMs into EAI also introduces novel security risks. Attackers may exploit vulnerabilities through prompt injection, backdoors, or other means, causing the model to produce incorrect outputs that can lead to task failures or severe system disruptions. To mitigate these threats, we propose a correctness-oriented security verification approach, called ADCF, for the ReKep task execution pipeline. ADCF generates task constraint functions—derived from real keypoint images—as “task fingerprints” and compares them with constraints observed during execution to detect potential tampering or hijacking. We validate our ADCF in the OmniGibson simulation environment under various attack scenarios. Experimental results show that ADCF can detect abnormal behaviors with an added time overhead of less than one second. Across diverse attacks—including prompt injection, backdoor implantation, and man-in-the-middle attacks—our approach achieves over 92% detection accuracy on GPT-4o, QWen, Kimi, and Grok models, showing effective security assurance for EAI systems.