Robot Collapse: Supply Chain Backdoor Attacks Against VLM-based Robotic Manipulation
Xianlong Wang, Hewen Pan, Hangtao Zhang, Minghui Li, Shengshan Hu, Ziqi Zhou, Lulu Xue, Peijin Guo, Aishan Liu, Leo Yu Zhang, Xiaohua Jia

TL;DR
This paper introduces TrojanRobot, a novel backdoor attack framework targeting supply chain security in VLM-based robotic manipulation, demonstrating effective physical and simulated attacks across multiple tasks.
Contribution
It proposes TrojanRobot, a new backdoor injection method for robotic policies, including a prime scheme with LVLM-as-a-backdoor and three attack types, enhancing attack flexibility and effectiveness.
Findings
Successfully attacked 18 real-world manipulation tasks
Achieved effective backdoor effects with three attack types
Demonstrated superiority over existing methods in experiments
Abstract
Robotic manipulation policies are increasingly empowered by large language models (LLMs) and vision-language models (VLMs), leveraging their understanding and perception capabilities. Recently, inference-time attacks against robotic manipulation have been extensively studied, yet backdoor attacks targeting model supply chain security in robotic policies remain largely unexplored. To fill this gap, we propose TrojanRobot, a backdoor injection framework for model supply chain attack scenarios, which embeds a malicious module into modular robotic policies via backdoor relationships to manipulate the LLM-to-VLM pathway and compromise the system. Our vanilla design instantiates this module as a backdoor-finetuned VLM. To further enhance attack performance, we propose a prime scheme by introducing the concept of LVLM-as-a-backdoor, which leverages…
