Trojan Attacks on Neural Network Controllers for Robotic Systems

TL;DR

This paper demonstrates how Trojan backdoor attacks can be embedded in neural network controllers for robots, revealing significant security vulnerabilities that can cause unsafe robot behaviors under specific trigger conditions.

Contribution

It introduces a lightweight Trojan network for neural controllers, showing how it can be embedded and triggered to manipulate robot actions, highlighting security risks in neural robotic systems.

Findings

Trojan network successfully triggers malicious behavior in simulations

The attack remains dormant during normal operation

Neural controllers are vulnerable to critical security threats

Abstract

Neural network controllers are increasingly deployed in robotic systems for tasks such as trajectory tracking and pose stabilization. However, their reliance on potentially untrusted training pipelines or supply chains introduces significant security vulnerabilities. This paper investigates backdoor (Trojan) attacks against neural controllers, using a differential-drive mobile robot platform as a case study. In particular, assuming that the robot's tracking controller is implemented as a neural network, we design a lightweight, parallel Trojan network that can be embedded within the controller. This malicious module remains dormant during normal operation but, upon detecting a highly specific trigger condition defined by the robot's pose and goal parameters, compromises the primary controller's wheel velocity commands, resulting in undesired and potentially unsafe robot behaviours. We provide a proof-of-concept implementation of the proposed Trojan network, which is validated through simulation under two different attack scenarios. The results confirm the effectiveness of the proposed attack and demonstrate that neural network-based robotic control systems are subject to potentially critical security threats.