OpenNovelty.org

Monitoring LLM-based Multi-Agent Systems Against Corruption Attacks via Node Evaluation

ICLR 2026 Conference SubmissionAnonymous Authors
OpenReview Score: 6.0Download Report PDF
Multi-Agent SystemsLarge Language Models
Abstract:

Large Language Model (LLM)-based Multi-Agent Systems (MAS) have become a popular focus of contemporary research, with extensive studies demonstrating their effectiveness in enhancing the performance of individual agents. However, trustworthiness issues in MAS remain a critical concern. Unlike challenges in single-agent systems, MAS involve more complex communication processes, making them susceptible to corruption attacks. To mitigate this issue, several defense mechanisms have been developed based on the graph representation of MAS, where agents represent nodes and communications form edges. Nevertheless, these methods predominantly focus on static graph defense, attempting to either detect attacks in a fixed graph structure or optimize a static topology with certain defensive capabilities. To address this limitation, we propose a dynamic defense paradigm for MAS graph structures, which continuously monitors communication within the MAS graph, then dynamically adjusts the graph topology, accurately disrupts malicious communications, and effectively defends against evolving and diverse dynamic attacks. Experimental results in increasingly complex and dynamic MAS environments demonstrate that our method significantly outperforms existing MAS defense mechanisms as well as single-agent defense approaches.

Disclaimer
This report is AI-GENERATED using Large Language Models and WisPaper (A scholar search engine). It analyzes academic papers' tasks and contributions against retrieved prior work. While this system identifies POTENTIAL overlaps and novel directions, ITS COVERAGE IS NOT EXHAUSTIVE AND JUDGMENTS ARE APPROXIMATE. These results are intended to assist human reviewers and SHOULD NOT be relied upon as a definitive verdict on novelty.
NOTE that some papers exist in multiple, slightly different versions (e.g., with different titles or URLs). The system may retrieve several versions of the same underlying work. The current automated pipeline does not reliably align or distinguish these cases, so human reviewers will need to disambiguate them manually.
If you have any questions, please contact: mingzhang23@m.fudan.edu.cn

Overview

Overall Novelty Assessment

The paper proposes a dynamic defense paradigm for LLM-based multi-agent systems that continuously monitors communication graphs and adjusts topology in real-time to disrupt malicious interactions. Within the taxonomy, it resides in the 'Dynamic Graph Topology Defense' leaf under 'LLM-Based Multi-Agent System Defense', sharing this leaf with only one sibling paper. This represents a relatively sparse research direction within a seven-paper taxonomy, suggesting the specific focus on dynamic topology adjustment for LLM-based MAS is not yet heavily explored in the examined literature.

The taxonomy reveals neighboring work in 'System-Level Anomaly Detection' and 'Temporal Graph Propagation Modeling' within the same parent branch, alongside domain-specific applications in connected vehicles, drone networks, and reinforcement learning communication defense. The paper's emphasis on continuous topology adjustment distinguishes it from static detection frameworks and propagation modeling approaches. The taxonomy's scope notes explicitly exclude static graph defenses and detection-only methods from this leaf, positioning the work at the intersection of real-time monitoring and structural intervention rather than passive observation or fixed-topology optimization.

Among twenty candidates examined across three contributions, no clearly refutable prior work was identified. The 'Dynamic defense paradigm' contribution examined ten candidates with zero refutations, while 'Backward propagation method for agent contribution evaluation' similarly found no overlapping prior work among ten candidates. The 'MAS Graph Backpropagation technique' was not evaluated against any candidates. This limited search scope—twenty papers from semantic matching—suggests the analysis captures highly relevant neighbors but cannot confirm exhaustive novelty. The absence of refutations within this constrained set indicates the specific combination of dynamic topology adjustment and continuous monitoring may be underexplored.

Based on the limited search scope, the work appears to occupy a relatively novel position within LLM-based multi-agent defense, particularly in its emphasis on real-time structural adaptation rather than static detection. However, the small taxonomy size and twenty-candidate search limit confidence in this assessment. A broader literature review covering static graph defenses, general adversarial robustness in multi-agent systems, and non-LLM dynamic topology methods would provide stronger validation of the claimed novelty.

Taxonomy

Core-task Taxonomy Papers
7
3
Claimed Contributions
20
Contribution Candidate Papers Compared
0
Refutable Paper

Research Landscape Overview

Core task: Defending multi-agent systems against corruption attacks through dynamic graph monitoring. The field addresses how to protect collaborative agent networks from adversarial manipulation by continuously analyzing their evolving communication and interaction structures. The taxonomy divides into two main branches: LLM-Based Multi-Agent System Defense, which focuses on protecting language-model-driven agents through mechanisms like dynamic graph topology monitoring and sentinel-based oversight, and Domain-Specific Multi-Agent Defense Applications, which tailors defenses to particular operational contexts such as drone swarms or cyber-physical systems. Within the LLM-based branch, works like GUARDIAN[3] and SentinelAgent[2] exemplify approaches that embed specialized monitoring agents or adaptive policy frameworks to detect and mitigate corrupted nodes, while the domain-specific branch explores how threat detection in UAV networks (e.g., Threat Detection Drones[5], Quantum UAV[7]) or temporal graph anomaly methods (Temporal Graph Anomaly[6]) can be adapted to multi-agent defense scenarios. A particularly active line of work centers on real-time node evaluation and topology-based defenses, where systems must distinguish legitimate agent behavior from adversarial corruption as the interaction graph evolves. Node Evaluation Monitoring[0] sits squarely within this dynamic graph topology defense cluster, emphasizing continuous assessment of individual agents' integrity through graph-structural signals. This contrasts slightly with Node Evaluation Corruptions[1], which investigates the nature and propagation of corruption itself, providing complementary insights into attack vectors. Compared to broader frameworks like GUARDIAN[3] that integrate multiple defense layers, Node Evaluation Monitoring[0] appears more narrowly focused on the monitoring mechanism itself, while Adaptive Policy Learning[4] explores how defenses can evolve over time. The central tension across these works involves balancing detection sensitivity against computational overhead and false-positive rates, especially as agent networks scale and adversaries adapt their strategies.

Claimed Contributions

Dynamic defense paradigm for MAS graph structures

The authors introduce a defense approach that continuously monitors agent communications in Multi-Agent Systems and dynamically adjusts the graph topology to disrupt malicious communications, rather than relying on static graph defenses. This enables adaptation to evolving attack strategies.

10 retrieved papers
MAS Graph Backpropagation technique

The authors develop a backpropagation method that models MAS communication as information propagation over a signed graph, using the chain rule to efficiently compute each agent's influence on final decisions. This enables accurate identification of harmful nodes or edges.

0 retrieved papers
Backward propagation method for agent contribution evaluation

The authors propose a backward propagation algorithm that evaluates each agent's contribution to the system by combining local message scores with global propagation effects, enabling reliable detection of malicious agents in Multi-Agent Systems.

10 retrieved papers

Core Task Comparisons

Comparisons with papers in the same taxonomy category

Contribution Analysis

Detailed comparisons for each claimed contribution

Contribution

Dynamic defense paradigm for MAS graph structures

The authors introduce a defense approach that continuously monitors agent communications in Multi-Agent Systems and dynamically adjusts the graph topology to disrupt malicious communications, rather than relying on static graph defenses. This enables adaptation to evolving attack strategies.

Contribution

MAS Graph Backpropagation technique

The authors develop a backpropagation method that models MAS communication as information propagation over a signed graph, using the chain rule to efficiently compute each agent's influence on final decisions. This enables accurate identification of harmful nodes or edges.

Contribution

Backward propagation method for agent contribution evaluation

The authors propose a backward propagation algorithm that evaluates each agent's contribution to the system by combining local message scores with global propagation effects, enabling reliable detection of malicious agents in Multi-Agent Systems.

Table of Contents

Monitoring LLM-based Multi-Agent Systems Against Corruption Attacks via Node Evaluation | Novelty Validation