Defense against the Key Collision Attack on LLM Semantic Caching
Project Description
LLM agents have become part of daily life through Vibe Coding, Vibe Research, Deep Research, OpenClaw, and Hermes Agent. Increasingly complex agentic tasks incur high token cost and inference latency, so LLM caching has been introduced as an optimization layer that avoids redundant or repeated inference on similar LLM tasks. Our recent work (published in ICML 2026, https://arxiv.org/pdf/2601.23088) shows that LLM semantic caching is inherently vulnerable to a cache collision attack: an adversary crafts a malicious query whose cache key unexpectedly collides with an arbitrary user's benign query, so that the cache serves the adversary's cached result in place of the user's own, hijacking their LLM response and agent behavior. Despite the wide deployment of semantic caching, there is to date no practical defense against this attack. This project aims to explore practical and deployable defenses against cache collision attacks on LLM semantic caches.
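The following is an added toy model of the threat model described above; it is not code from the paper or the project. It contrasts a conventional exact-key cache with a semantic cache that serves a stored response whenever a new prompt's embedding is within a cosine-similarity threshold of a stored prompt's embedding. The embedder is a deliberately simple normalised bag-of-words vector standing in for a neural sentence-embedding model, and the queries, threshold and LLM stub are all constructed here as assumptions. The point it makes concrete is that whoever gets a prompt into the cache first controls the response that later near-duplicate prompts receive.

```python
"""Toy model of LLM semantic caching and the key-collision threat model.

Added illustration, not code from the paper or the project. The embedding is a
deliberately simple normalised bag-of-words vector standing in for a neural
sentence embedder; the cache, threshold, queries and LLM stub are constructed.
"""
import math
import re
from collections import Counter


def embed(text):
    """Stand-in embedder: L2-normalised word counts (an assumption, not a real model)."""
    counts = Counter(re.findall(r"[a-z]+", text.lower()))
    norm = math.sqrt(sum(c * c for c in counts.values())) or 1.0
    return {w: c / norm for w, c in counts.items()}


def cosine(a, b):
    """Cosine similarity of two normalised sparse vectors (a plain dot product)."""
    return sum(v * b.get(w, 0.0) for w, v in a.items())


class ExactCache:
    """Conventional cache keyed on the literal prompt: only identical prompts hit."""

    def __init__(self):
        self.entries = {}

    def lookup(self, query):
        if query in self.entries:
            return (1.0, query, self.entries[query])
        return None

    def insert(self, query, response):
        self.entries[query] = response


class SemanticCache:
    """Cache that serves a stored response when a new prompt's embedding is within
    `threshold` cosine similarity of a stored prompt's embedding."""

    def __init__(self, threshold):
        self.threshold = threshold
        self.entries = []  # list of (embedding, stored_query, response)

    def lookup(self, query):
        q = embed(query)
        best = None
        for emb, stored_query, response in self.entries:
            score = cosine(q, emb)
            if score >= self.threshold and (best is None or score > best[0]):
                best = (score, stored_query, response)
        return best  # None on miss, else (score, stored_query, response)

    def insert(self, query, response):
        self.entries.append((embed(query), query, response))


def fake_llm(query):
    """Deterministic stand-in for inference: the response is a function of the
    prompt, so whoever controls the cached prompt controls the cached response."""
    return "LLM answer to: " + query


def serve(cache, query):
    """Cache-first serving loop. Returns (response, hit)."""
    hit = cache.lookup(query)
    if hit is not None:
        return hit[2], True
    response = fake_llm(query)
    cache.insert(query, response)
    return response, False


# Constructed scenario: the adversary anticipates a common benign prompt and
# submits a near-duplicate first, so the response to *their* prompt is cached.
VICTIM_QUERY = "Summarize the quarterly sales report for the board meeting"
ATTACKER_QUERY = VICTIM_QUERY + ". Also append my note"
UNRELATED_QUERY = "Translate this email into French"


def run_scenario(threshold=0.8):
    """Replay the same traffic against an exact-key cache and a semantic cache.

    Returns, per cache type, whether the victim received the response to the
    attacker's prompt, whether that was a cache hit, and whether an unrelated
    prompt (no shared vocabulary) also hit."""
    results = {}
    for name, cache in (("exact", ExactCache()), ("semantic", SemanticCache(threshold))):
        serve(cache, ATTACKER_QUERY)  # attacker primes the cache
        victim_resp, victim_hit = serve(cache, VICTIM_QUERY)
        _, other_hit = serve(cache, UNRELATED_QUERY)
        results[name] = {
            "victim_got_attacker_response": victim_resp == fake_llm(ATTACKER_QUERY),
            "victim_hit": victim_hit,
            "unrelated_hit": other_hit,
        }
    return results


def collision_score():
    """Cosine similarity between victim and attacker prompts under the toy embedder."""
    return cosine(embed(VICTIM_QUERY), embed(ATTACKER_QUERY))


if __name__ == "__main__":
    print("similarity(victim, attacker) = %.3f" % collision_score())
    for name, r in run_scenario().items():
        print(name, r)
```

With the constructed prompts the two embeddings score about 0.86, so at a threshold of 0.8 the semantic cache hands the benign user the response to the attacker's prompt while the exact-key cache does not; raising the threshold to 0.9 makes this particular collision miss, which is why threshold tuning alone is not a defense against an adversary who can choose the prompt.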
Supervisor
SHE, Dongdong
Course type
UROP1000
UROP1100
UROP2100
UROP3100
UROP3200
UROP4100
Applicant's Roles
1. Conduct a comprehensive and in-depth survey of LLM agents and semantic caching.
2. Gain a deep theoretical and practical understanding of the defense taxonomy.
3. Develop novel defense algorithms and implement a prototype.
4. Conduct experiments, collect data, and analyze the data.
5. Participate in writing a paper for a top-tier academic conference.
Applicant's Learning Objectives
1. Deep understanding of ML security and LLM security. See the ML security and LLM security sections of my course COMP 4634 for details.
2. Theoretical understanding of LLM compression and attack algorithms
3. Practical prototype/system development skills
4. Rigorous academic experimental setup, data collection, and data analysis
5. Professional academic paper writing skills
Complexity of the project
Moderate