SHIELD: An Auto-Healing Agentic Defense Framework for LLM Resource Exhaustion Attacks
Nirhoshan Sivaroopan, Kanchana Thilakarathna, Albert Zomaya, Manu, Yi Guo, Jo Plested, Tim Lynar, Jack Yang, Wangli Yang

TL;DR
SHIELD is a multi-agent, auto-healing framework that enhances LLM defenses against resource exhaustion attacks by combining semantic retrieval, pattern matching, and self-updating mechanisms, outperforming existing methods.
Contribution
The paper introduces SHIELD, a novel multi-agent auto-healing defense system for LLMs that adapts to evolving sponge attacks through self-updating and refinement.
Findings
SHIELD achieves high F1 scores against semantic sponge attacks.
It outperforms traditional perplexity-based defenses.
The system effectively adapts to evolving attack strategies.
Abstract
Sponge attacks increasingly threaten LLM systems by inducing excessive computation and DoS. Existing defenses either rely on statistical filters that fail on semantically meaningful attacks or use static LLM-based detectors that struggle to adapt as attack strategies evolve. We introduce SHIELD, a multi-agent, auto-healing defense framework centered on a three-stage Defense Agent that integrates semantic similarity retrieval, pattern matching, and LLM-based reasoning. Two auxiliary agents, a Knowledge Updating Agent and a Prompt Optimization Agent, form a closed self-healing loop: when an attack bypasses detection, the system updates an evolving knowledge base and refines defense instructions. Extensive experiments show that SHIELD consistently outperforms perplexity-based and standalone LLM defenses, achieving high F1 scores across both non-semantic and semantic sponge attacks,…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Network Security and Intrusion Detection · Advanced Malware Detection Techniques
