Cite this article:
Zhang Ximin, Chen Jinyin, Si Hongxiang, Ni Junhui, Wang Yifan, Zhao Xueyang, Ma Mengxue, Wang Xiaolu. Overview of Embodied Intelligent Security Risks [J]. Journal of Cyber Security, accepted (in press).

Views: 32   Downloads: 0

Overview of Embodied Intelligent Security Risks (具身智能安全风险综述)

Zhang Ximin, Chen Jinyin, Si Hongxiang, Ni Junhui, Wang Yifan, Zhao Xueyang, Ma Mengxue, Wang Xiaolu

(Zhejiang University of Technology)

Abstract:
As embodied intelligence (EI) evolves from isolated perception–control algorithms into integrated agents that combine multimodal perception, task planning, decision-making, reasoning, physical execution, and interactive feedback, it is being increasingly deployed in open scenarios such as autonomous driving, industrial robotics, household service robots, unmanned systems, and multi-agent collaboration. Accordingly, its security boundary has expanded from relatively closed digital spaces to open, dynamic, and highly uncertain physical environments. Compared with conventional AI systems, security risks in EI systems do not merely affect model outputs or digital processing results; they can be amplified through the perception–decision–control–execution closed loop into real-world consequences such as trajectory deviation, incorrect manipulation, hazardous contact, privacy breaches, or even public safety incidents. These risks therefore exhibit cross-layer coupling, chain-like propagation, and amplified real-world impact. To address the fragmentation of existing studies in object coverage, layer partitioning, evaluation resources, and full-pipeline threat modeling, this paper proposes a full-pipeline security risk analysis framework for EI systems from the perspectives of information security and cyber–physical systems. Organized along four dimensions (algorithms, hardware, interaction, and data), the framework maps onto four critical risk-bearing objects: internal model mechanisms, physical interfaces, collaborative behavioral processes, and data assets. This provides comprehensive coverage spanning data support, environmental perception, model decision-making, physical execution, and interactive feedback. Based on this framework, we systematically review threat types, underlying mechanisms, and cross-layer propagation relationships at each level. At the algorithm layer, we analyze the impacts of adversarial, backdoor, poisoning, and prompt injection attacks on perception, planning, reasoning, and policy generation. At the hardware layer, we summarize the exposure of sensors, actuators, and low-level physical interfaces to physical signal spoofing, electromagnetic interference, fault injection, and hardware Trojans. At the interaction layer, we discuss non-malicious risks arising from ambiguous human instructions, inconsistent multi-agent communication, insufficient state synchronization, and contact-control mismatches. At the data layer, we examine training data contamination, demonstration data tampering, data supply chain risks, user privacy leakage, and data governance challenges. Furthermore, drawing on representative recent studies in EI security, this paper compares the applicable scenarios, supporting capabilities, and limitations of attack models, defense strategies, simulation platforms, public datasets, and evaluation benchmarks, and summarizes the key open challenges in establishing unified evaluation protocols, cross-layer defense mechanisms, real-world physical deployability, and system-level security verification. This survey aims to provide a systematic reference for threat modeling, security evaluation, defense mechanism design, and engineering deployment of EI systems, and a structured analytical perspective for security research in cyber–physical integrated environments.

Key words: Embodied intelligence; algorithm security; hardware security; interaction security; data security; full-pipeline security
DOI:
Received: 2026-02-19   Revised: 2026-06-18
Funding: National Natural Science Foundation of China (General, Key and Major Programs); Open Project of the Key Laboratory of the Fifth Electronics Research Institute, Ministry of Industry and Information Technology (HK00202503455); Zhejiang Provincial Natural Science Foundation (LDQ23F020001); Research and Application of Data Empowerment Methods Based on Multi-Source Data Fusion
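The cross-layer propagation the abstract describes, a compromised sensor reading turning into a physical trajectory deviation through the perception, decision, control and execution loop, can be made concrete with a small simulation. The following is an added example written for this page; it is not code from the surveyed paper or from any system it cites. The robot dynamics, controller gain, spoof ramp and residual threshold are constructed assumptions chosen to illustrate the mechanism, and the redundant-source consistency check stands in for the general class of defenses the survey compares rather than for any specific one.

```python
"""Closed-loop toy model of a sensor spoof propagating into a physical deviation.

A path-following robot steers from the lateral position its external positioning
sensor reports. An attacker ramps a bias into that report (the hardware-layer
"physical signal spoofing" of the survey's taxonomy). The controller itself is never
attacked, yet it drives the robot off the path because it trusts the sensor. A
redundant-source residual check (reported position vs. dead reckoning from the
robot's own commanded velocity) bounds the damage.

Constructed for illustration: the dynamics, gain, spoof ramp and threshold are
assumptions of this example, not parameters from the surveyed paper.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class LoopResult:
    final_deviation: float       # true lateral offset from the path at exit (m)
    max_deviation: float         # largest true lateral offset seen during the run (m)
    alarm_step: Optional[int]    # tick at which the consistency check fired, else None


def simulate(spoof_rate: float, detect: bool = False, steps: int = 300,
             dt: float = 0.1, gain: float = 1.0, threshold: float = 0.5) -> LoopResult:
    """Run the perception -> decision -> control -> execution loop for `steps` ticks.

    spoof_rate: bias the attacker adds to the *reported* lateral position, in m/s.
                A slow ramp keeps each per-tick jump far below what a rate-of-change
                alarm on the sensor alone would notice.
    detect:     when True, compare the reported position against the dead-reckoned
                position integrated from commanded velocity; on disagreement above
                `threshold`, command a safe stop and leave the loop.
    """
    true_y = 0.0        # actual lateral position; the path is y == 0
    reckoned_y = 0.0    # dead reckoning from commanded velocity; the spoof cannot touch it
    max_dev = 0.0
    alarm_step: Optional[int] = None
    for k in range(steps):
        # Perception (hardware layer): external sensor reading with the injected ramp.
        reported_y = true_y + spoof_rate * (k * dt)
        # Cross-check the reading against an independent source before acting on it.
        if detect and abs(reported_y - reckoned_y) > threshold:
            alarm_step = k
            break                               # safe stop: no further motion
        # Decision/control: proportional steering toward the *reported* path centre.
        v_y = -gain * reported_y
        # Execution: the actuator follows the command faithfully, so the spoof becomes motion.
        true_y += v_y * dt
        reckoned_y += v_y * dt
        max_dev = max(max_dev, abs(true_y))
    return LoopResult(round(true_y, 3), round(max_dev, 3), alarm_step)


if __name__ == "__main__":
    print("no spoof          :", simulate(0.0))
    print("spoof, no check   :", simulate(0.03))
    print("spoof, with check :", simulate(0.03, detect=True))
```

With the spoof ramping at 3 cm/s and no check, the controller walks the robot about 0.87 m off the path in 30 s while the reported position stays near zero the whole time: nothing in the control or execution layers is faulty, which is why a single-layer view misses the risk. With the residual check the run stops at tick 167 with the deviation held under 0.5 m. In a real deployment dead reckoning drifts, so the threshold has to grow with time since the last trusted fix rather than stay constant, and the attacker's best strategy is to ramp slowly enough to stay inside that envelope; the check bounds the damage, it does not eliminate the attack.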
|
|
|
|
|