MAS-Shield: A Defense Framework for Secure and Efficient LLM MAS

TL;DR

MAS-Shield is a hierarchical defense framework for LLM-based multi-agent systems that efficiently detects and mitigates linguistic attacks by dynamically allocating resources across multiple filtering stages.

Contribution

It introduces a coarse-to-fine filtering pipeline with dynamic resource allocation, balancing security and efficiency in defending against linguistic attacks in MAS.

Findings

Achieves 92.5% recovery rate against adversarial attacks.

Reduces defense latency by over 70%.

Effectively balances security and computational efficiency.

Abstract

Large Language Model (LLM)-based Multi-Agent Systems (MAS) are susceptible to linguistic attacks that can trigger cascading failures across the network. Existing defenses face a fundamental dilemma: lightweight single-auditor methods are prone to single points of failure, while robust committee-based approaches incur prohibitive computational costs in multi-turn interactions. To address this challenge, we propose \textbf{MAS-Shield}, a secure and efficient defense framework designed with a coarse-to-fine filtering pipeline. Rather than applying uniform scrutiny, MAS-Shield dynamically allocates defense resources through a three-stage protocol: (1) \textbf{Critical Agent Selection } strategically targets high-influence nodes to narrow the defense surface; (2) \textbf{Light Auditing} employs lightweight sentry models to rapidly filter the majority of benign cases; and (3) \textbf{Global Consensus Auditing} escalates only suspicious or ambiguous signals to a heavyweight committee for definitive arbitration. This hierarchical design effectively optimizes the security-efficiency trade-off. Experiments demonstrate that MAS-Shield achieves a 92.5\% recovery rate against diverse adversarial scenarios and reduces defense latency by over 70\% compared to existing methods.