What problem does this paper attempt to address?

The main problem that this paper attempts to solve is the security issue of robot models under language conditions when facing adversarial attacks. Specifically, researchers are concerned with how to mislead robot models under language conditions to perform incorrect actions by constructing adversarial prefixes, thereby revealing and validating the security vulnerabilities of these models. The following is a summary of the core content of the paper: ### Research Background and Problems 1. **Robot Learning under Language Conditions**: This technology enables robots to perform multiple tasks according to natural language instructions, greatly improving the adaptability and flexibility of robots. 2. **Security Challenges**: Although significant progress has been made in robot learning under language conditions, its security issues have not been fully explored, especially in terms of adversarial attacks. ### Contributions of the Paper 1. **Proposing a New Adversarial Attack Framework**: For robot models under language conditions, researchers have designed a novel adversarial prefix attack method. This method can generate general - purpose adversarial prefixes, and when added to any original prompt, it will cause the model to perform wrong actions. 2. **Optimizing Continuous Behavior Vectors**: In order to bypass the robustness brought by the discretization module in the robot model, researchers choose to optimize based on continuous behavior vectors instead of directly manipulating the final probability distribution. 3. **Using Intermediate Features to Enhance the Attack Effect**: By introducing the intermediate self - attention features of the negative gradient, researchers have achieved adversarial distillation, further enhancing the attack effect. ### Experimental Verification - **Experimental Setup**: Researchers have conducted extensive experiments on the VIMA model, covering 13 different robot operation tasks. - **Comparing with Existing Methods**: The experimental results show that the new method has a significantly higher attack success rate on multiple tasks than the existing adversarial attack methods, with an average increase in the attack success rate of 7.5%. - **Visualizing the Attack Effect**: The impact of the attack on robot behavior is demonstrated through specific examples. For example, in visual manipulation tasks, the robot will grab the wrong object after being affected by the adversarial prefix. ### Formula Summary The formulas involved in the paper include: - **Discrete Loss Function**: \[ L_{\text{discrete}} = - \| \pi_\theta(p_a \oplus p, h) - a^* \|_2 \] - **Continuous Behavior Feature Loss**: \[ L_{\text{continuous}} = - \| D_c(p_a \oplus p, h) - D_c(p, h) \|_2 \] - **Self - Attention Feature Loss**: \[ L_{\text{self - attn}} = - \| F_s(p_a \oplus p, h) - F_s(p, h) \|_2 \] - **Total Loss Function**: \[ L = \alpha \cdot L_{\text{continuous}} + \beta \cdot L_{\text{self - attn}} \] ### Conclusion This paper successfully reveals the security vulnerabilities in robot models under language conditions by introducing a new adversarial attack method and provides valuable references for future security research.