Autonomous LLM-Enhanced Adversarial Attack for Text-to-Motion

TL;DR

This paper introduces ALERT-Motion, an autonomous LLM-based framework that crafts subtle adversarial prompts to deceive text-to-motion models, exposing security vulnerabilities in human motion generation systems.

Contribution

It presents a novel LLM-driven approach for generating targeted adversarial prompts against black-box T2M models, surpassing previous methods in success rate and stealthiness.

Findings

ALERT-Motion achieves higher attack success rates.

The framework produces more stealthy adversarial prompts.

It demonstrates vulnerabilities in current T2M models.

Abstract

Human motion generation driven by deep generative models has enabled compelling applications, but the ability of text-to-motion (T2M) models to produce realistic motions from text prompts raises security concerns if exploited maliciously. Despite growing interest in T2M, few methods focus on safeguarding these models against adversarial attacks, with existing work on text-to-image models proving insufficient for the unique motion domain. In the paper, we propose ALERT-Motion, an autonomous framework leveraging large language models (LLMs) to craft targeted adversarial attacks against black-box T2M models. Unlike prior methods modifying prompts through predefined rules, ALERT-Motion uses LLMs' knowledge of human motion to autonomously generate subtle yet powerful adversarial text descriptions. It comprises two key modules: an adaptive dispatching module that constructs an LLM-based agent to iteratively refine and search for adversarial prompts; and a multimodal information contrastive module that extracts semantically relevant motion information to guide the agent's search. Through this LLM-driven approach, ALERT-Motion crafts adversarial prompts querying victim models to produce outputs closely matching targeted motions, while avoiding obvious perturbations. Evaluations across popular T2M models demonstrate ALERT-Motion's superiority over previous methods, achieving higher attack success rates with stealthier adversarial prompts. This pioneering work on T2M adversarial attacks highlights the urgency of developing defensive measures as motion generation technology advances, urging further research into safe and responsible deployment.