PROTEA: Securing Robot Task Planning and Execution

TL;DR

PROTEA introduces an LLM-based defense mechanism to evaluate and enhance the security of robot task planning against adversarial attacks, addressing safety assessment challenges in complex robotic systems.

Contribution

The paper presents PROTEA, a novel LLM-as-a-Judge framework for assessing and improving the security of robot task plans against malicious manipulations.

Findings

PROTEA effectively detects malicious task plans with high accuracy.

The dataset includes diverse benign and malicious plans with varying stealthiness.

Systematic evaluation shows PROTEA enhances robustness of robotic task planning.

Abstract

Robots need task planning methods to generate action sequences for complex tasks. Recent work on adversarial attacks has revealed significant vulnerabilities in existing robot task planners, especially those built on foundation models. In this paper, we aim to address these security challenges by introducing PROTEA, an LLM-as-a-Judge defense mechanism, to evaluate the security of task plans. PROTEA is developed to address the dimensionality and history challenges in plan safety assessment. We used different LLMs to implement multiple versions of PROTEA for comparison purposes. For systemic evaluations, we created a dataset containing both benign and malicious task plans, where the harmful behaviors were injected at varying levels of stealthiness. Our results provide actionable insights for robotic system practitioners seeking to enhance robustness and security of their task planning systems. Details, dataset and demos are provided: https://protea-secure.github.io/PROTEA/