MCPShield: Graph-Based Attack Detection for LLM Tool-Call Traffic

MCPShield is an innovative framework designed to detect attacks on Model Context Protocol (MCP) tool-call traffic within LLM agents. It represents each agent session as a graph, where tool calls act as nodes and sequential/data-flow connections serve as edges, enhancing nodes with sentence-embedding characteristics derived from arguments and responses. The system categorizes sessions into benign or attacked. Assessments conducted on RAS-Eval, ATBench, and a combined-source variant involve comparisons among three GNN architectures (GAT, GCN, GraphSAGE), a non-graph MLP, and traditional models (XGBoost, random forest, logistic regression, linear SVM). GraphSAGE is maintained as the GNN benchmark for ATBench and the combined-source variant. Notably, content-level features prove crucial, while metadata-only strategies fall short.