Robustness of LLM-enabled vehicle trajectory prediction under data security threats

TL;DR

This paper investigates the vulnerability of LLM-based vehicle trajectory prediction models to adversarial attacks, revealing significant susceptibility to minor perturbations and emphasizing the need for robustness improvements in safety-critical autonomous driving systems.

Contribution

It introduces a novel one-feature differential evolution attack method and provides the first systematic analysis of adversarial vulnerabilities in LLM-enabled vehicle prediction models.

Findings

Minor perturbations can significantly disrupt model outputs

LLM-based predictors are vulnerable to black-box adversarial attacks

Trade-offs exist between prediction accuracy and robustness

Abstract

The integration of large language models (LLMs) into automated driving systems has opened new possibilities for reasoning and decision-making by transforming complex driving contexts into language-understandable representations. Recent studies demonstrate that fine-tuned LLMs can accurately predict vehicle trajectories and lane-change intentions by gathering and transforming data from surrounding vehicles. However, the robustness of such LLM-based prediction models for safety-critical driving systems remains unexplored, despite the increasing concerns about the trustworthiness of LLMs. This study addresses this gap by conducting a systematic vulnerability analysis of LLM-enabled vehicle trajectory prediction. We propose a one-feature differential evolution attack that perturbs a single kinematic feature of surrounding vehicles within the LLM's input prompts under a black-box setting. Experiments on the highD dataset reveal that even minor, physically plausible perturbations can significantly disrupt model outputs, underscoring the susceptibility of LLM-based predictors to adversarial manipulation. Further analyses reveal a trade-off between accuracy and robustness, examine the failure mechanism, and explore potential mitigation solutions. The findings provide the very first insights into adversarial vulnerabilities of LLM-driven automated vehicle models in the context of vehicular interactions and highlight the need for robustness-oriented design in future LLM-based intelligent transportation systems.