ATAAT: Adaptive Threat-Aware Adversarial Tuning Framework against Backdoor Attacks on Vision-Language-Action Models

TL;DR

This paper introduces ATAAT, a novel framework that enhances the robustness of vision-language-action models against backdoor attacks by intelligently adapting attack strategies, demonstrating high success rates and stealthiness.

Contribution

The paper proposes ATAAT with a Threat-Method Adaptive Mapping mechanism, addressing gradient interference and enabling effective, stealthy backdoor attacks on VLAs.

Findings

ATAAT achieves over 80% Targeted Attack Success Rate.

It maintains high stealthiness with only 5% poisoning.

First to demonstrate implicit decoupled attacks in data poisoning.

Abstract

Addressing the escalating security vulnerabilities in Vision-Language-Action (VLA) models, this study investigates backdoor attacks targeting the visual pathway. We identify a core obstacle causing the failure of traditional attack paradigms: "Gradient Interference." This phenomenon represents an optimization failure triggered by conflicting strategies during end-to-end training. To resolve this, we propose an Adaptive Threat-Aware Adversarial Tuning (ATAAT) framework. Through its core "Threat-Method Adaptive Mapping" mechanism, ATAAT intelligently selects the optimal gradient decoupling strategy based on the adversary's capabilities. Extensive experiments demonstrate that ATAAT exhibits significant advantages, achieving a highly robust Targeted Attack Success Rate (TASR > 80%) while maintaining extreme stealthiness with merely a 5% poisoning rate. It efficiently handles complex semantic-level triggers and achieves implicit decoupled attacks in data poisoning scenarios for the first time. This work reveals a critical security vulnerability in VLAs and provides theoretical and methodological support for future defense architectures.