CP-UniGuard: A Unified, Probability-Agnostic, and Adaptive Framework for Malicious Agent Detection and Defense in Multi-Agent Embodied Perception Systems

Senkang HU; Yihang TAO; Guowen XU; Xinyuan QIAN; Yiqin DENG; Xianhao CHEN; Sam Tak Wu KWONG; Yuguang FANG

doi:10.1109/TMC.2026.3650980

CP-UniGuard: A Unified, Probability-Agnostic, and Adaptive Framework for Malicious Agent Detection and Defense in Multi-Agent Embodied Perception Systems

Senkang HU
, Yihang TAO
, Guowen XU
, Xinyuan QIAN
, Yiqin DENG
, Xianhao CHEN
, Sam Tak Wu KWONG
, Yuguang FANG

School of Data Science

Research output: Journal Publications › Journal Article (refereed) › peer-review

Abstract

Collaborative Perception (CP) has been shown to be a promising technique for multi-agent autonomous driving and multi-agent robotic systems, where multiple agents share their perception information to enhance the overall perception performance and expand the perception range. However, in CP, an ego agent needs to receive messages from its collaborators, which makes it vulnerable to attacks from malicious agents. To address this critical issue, we propose a unified, probability-agnostic, and adaptive framework, namely, CP-uniGuard, which is a tailored defense mechanism for CP deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network. Our key idea is to enable CP to reach a consensus rather than a conflict against an ego agent's perception results. Based on this idea, we first develop a probability-agnostic sample consensus (PASAC) method to effectively sample a subset of the collaborators and verify the consensus without prior probabilities of malicious agents. Furthermore, we define collaborative consistency loss (CCLoss) for object detection task and bird's eye view (BEV) segmentation task to capture the discrepancy between an ego agent and its collaborators, which is used as a verification criterion for consensus. In addition, we propose online adaptive threshold via dual sliding windows to dynamically adjust the threshold for consensus verification and ensure the reliability of the systems in dynamic environments. Finally, we conduct extensive experiments and demonstrate the effectiveness of our framework.

Original language	English
Number of pages	14
Journal	IEEE Transactions on Mobile Computing
DOIs	https://doi.org/10.1109/TMC.2026.3650980
Publication status	E-pub ahead of print - 5 Jan 2026

Bibliographical note

A preliminary version of this work was presented at the 39th Annual AAAI Conference on Artificial Intelligence (AAAI’25).

Funding

The research work described in this paper was conducted in the JC STEM Lab of Smart City funded by The Hong Kong Jockey Club Charities Trust under Contract 2023-0108. The work was supported in part by the Hong Kong SAR Government under the Global STEM Professorship and Research Talent Hub. The work of S. Hu was supported in part by the Hong Kong Innovation and Technology Commission under InnoHK Project CIMDA. The work of Y. Deng was supported in part by the National Natural Science Foundation of China under Grant No. 62301300. The work of X. Chen was supported in part by the Research Grants Council of Hong Kong under Grant 27213824 and Grant CRS HKU702/24.

Keywords

Collaborative perception
embodied perception
malicious agent detection
multi-agent systems

Access to Document

10.1109/TMC.2026.3650980

Cite this

@article{bc315a9b6d224295a952f80027254f00,

title = "CP-UniGuard: A Unified, Probability-Agnostic, and Adaptive Framework for Malicious Agent Detection and Defense in Multi-Agent Embodied Perception Systems",

abstract = "Collaborative Perception (CP) has been shown to be a promising technique for multi-agent autonomous driving and multi-agent robotic systems, where multiple agents share their perception information to enhance the overall perception performance and expand the perception range. However, in CP, an ego agent needs to receive messages from its collaborators, which makes it vulnerable to attacks from malicious agents. To address this critical issue, we propose a unified, probability-agnostic, and adaptive framework, namely, CP-uniGuard, which is a tailored defense mechanism for CP deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network. Our key idea is to enable CP to reach a consensus rather than a conflict against an ego agent's perception results. Based on this idea, we first develop a probability-agnostic sample consensus (PASAC) method to effectively sample a subset of the collaborators and verify the consensus without prior probabilities of malicious agents. Furthermore, we define collaborative consistency loss (CCLoss) for object detection task and bird's eye view (BEV) segmentation task to capture the discrepancy between an ego agent and its collaborators, which is used as a verification criterion for consensus. In addition, we propose online adaptive threshold via dual sliding windows to dynamically adjust the threshold for consensus verification and ensure the reliability of the systems in dynamic environments. Finally, we conduct extensive experiments and demonstrate the effectiveness of our framework.",

keywords = "Collaborative perception, embodied perception, malicious agent detection, multi-agent systems",

author = "Senkang HU and Yihang TAO and Guowen XU and Xinyuan QIAN and Yiqin DENG and Xianhao CHEN and KWONG, \{Sam Tak Wu\} and Yuguang FANG",

note = "A preliminary version of this work was presented at the 39th Annual AAAI Conference on Artificial Intelligence (AAAI{\textquoteright}25).",

year = "2026",

month = jan,

day = "5",

doi = "10.1109/TMC.2026.3650980",

language = "English",

journal = "IEEE Transactions on Mobile Computing",

issn = "1536-1233",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - CP-UniGuard: A Unified, Probability-Agnostic, and Adaptive Framework for Malicious Agent Detection and Defense in Multi-Agent Embodied Perception Systems

AU - HU, Senkang

AU - TAO, Yihang

AU - XU, Guowen

AU - QIAN, Xinyuan

AU - DENG, Yiqin

AU - CHEN, Xianhao

AU - KWONG, Sam Tak Wu

AU - FANG, Yuguang

N1 - A preliminary version of this work was presented at the 39th Annual AAAI Conference on Artificial Intelligence (AAAI’25).

PY - 2026/1/5

Y1 - 2026/1/5

N2 - Collaborative Perception (CP) has been shown to be a promising technique for multi-agent autonomous driving and multi-agent robotic systems, where multiple agents share their perception information to enhance the overall perception performance and expand the perception range. However, in CP, an ego agent needs to receive messages from its collaborators, which makes it vulnerable to attacks from malicious agents. To address this critical issue, we propose a unified, probability-agnostic, and adaptive framework, namely, CP-uniGuard, which is a tailored defense mechanism for CP deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network. Our key idea is to enable CP to reach a consensus rather than a conflict against an ego agent's perception results. Based on this idea, we first develop a probability-agnostic sample consensus (PASAC) method to effectively sample a subset of the collaborators and verify the consensus without prior probabilities of malicious agents. Furthermore, we define collaborative consistency loss (CCLoss) for object detection task and bird's eye view (BEV) segmentation task to capture the discrepancy between an ego agent and its collaborators, which is used as a verification criterion for consensus. In addition, we propose online adaptive threshold via dual sliding windows to dynamically adjust the threshold for consensus verification and ensure the reliability of the systems in dynamic environments. Finally, we conduct extensive experiments and demonstrate the effectiveness of our framework.

AB - Collaborative Perception (CP) has been shown to be a promising technique for multi-agent autonomous driving and multi-agent robotic systems, where multiple agents share their perception information to enhance the overall perception performance and expand the perception range. However, in CP, an ego agent needs to receive messages from its collaborators, which makes it vulnerable to attacks from malicious agents. To address this critical issue, we propose a unified, probability-agnostic, and adaptive framework, namely, CP-uniGuard, which is a tailored defense mechanism for CP deployed by each agent to accurately detect and eliminate malicious agents in its collaboration network. Our key idea is to enable CP to reach a consensus rather than a conflict against an ego agent's perception results. Based on this idea, we first develop a probability-agnostic sample consensus (PASAC) method to effectively sample a subset of the collaborators and verify the consensus without prior probabilities of malicious agents. Furthermore, we define collaborative consistency loss (CCLoss) for object detection task and bird's eye view (BEV) segmentation task to capture the discrepancy between an ego agent and its collaborators, which is used as a verification criterion for consensus. In addition, we propose online adaptive threshold via dual sliding windows to dynamically adjust the threshold for consensus verification and ensure the reliability of the systems in dynamic environments. Finally, we conduct extensive experiments and demonstrate the effectiveness of our framework.

KW - Collaborative perception

KW - embodied perception

KW - malicious agent detection

KW - multi-agent systems

U2 - 10.1109/TMC.2026.3650980

DO - 10.1109/TMC.2026.3650980

M3 - Journal Article (refereed)

SN - 1536-1233

JO - IEEE Transactions on Mobile Computing

JF - IEEE Transactions on Mobile Computing

ER -

CP-UniGuard: A Unified, Probability-Agnostic, and Adaptive Framework for Malicious Agent Detection and Defense in Multi-Agent Embodied Perception Systems

Abstract

Bibliographical note

Funding

Keywords

Access to Document

Fingerprint

Cite this