Your Agent Can Defend Itself against Backdoor Attacks
Abstract: Intelligent agents powered by large language models (LLMs) have gained surging popularity due to their versatile and customizable capabilities across diverse environments. However, recent studies also reveal their critical vulnerability: LLM agents are highly susceptible to backdoor attacks during training or fine-tuning. Such compromised agents can subsequently be manipulated to execute malicious operations when presented with specific triggers in their inputs or environments. To address this pressing risk, we present ReAgent, a novel defense against a range of backdoor attacks on LLM-based agents. Intuitively, backdoor attacks often result in inconsistencies among the user's instruction, the agent's planning, and its execution. Drawing on this insight, ReAgent employs a two-level approach to detect potential backdoors. At the execution level, ReAgent verifies consistency between the agent's thoughts and actions; at the planning level, ReAgent leverages the agent's capability to reconstruct the instruction based on its thought trajectory, checking for consistency between the reconstructed instruction and the user's instruction. Extensive evaluation demonstrates ReAgent's effectiveness against various backdoor attacks across diverse tasks. For instance, ReAgent reduces the attack success rate by up to 90% in database operation tasks, outperforming existing defenses by large margins. This work reveals the potential of utilizing compromised agents themselves to mitigate backdoor risks.
Paper Type: Long
Research Area: Ethics, Bias, and Fairness
Research Area Keywords: Agent, Backdoor attack
Contribution Types: Publicly available software and/or pre-trained models
Languages Studied: English
Submission Number: 476
Loading