Trojdrl: Trojan Attacks On Deep Reinforcement Learning Agents
2019 Β· Panagiota Kiourti, Kacper Wardega, Susmit Jha, et al.
Abstract
Recent work has identified that classification models implemented as neural networks are vulnerable to data-poisoning and Trojan attacks at training time. In this work, we show that these training-time vulnerabilities extend to deep reinforcement learning (DRL) agents and can be exploited by an adversary with access to the training process. In particular, we focus on Trojan attacks that augment the function of reinforcement learning policies with hidden behaviors. We demonstrate that such attacks can be implemented through minuscule data poisoning (as little as 0.025% of the training data) and in-band reward modification that does not affect the reward on normal inputs. The policies learned with our proposed attack approach perform imperceptibly similar to benign policies but deteriorate drastically when the Trojan is triggered in both targeted and untargeted settings. Furthermore, we show that existing Trojan defense mechanisms for classification tasks are not effective in the reinfor
Authors
(none)
Tags
Stats
Related papers
- Beyond Training-time Poisoning: Component-level And Post-training Backdoors In Deep Reinforcement Learning (2025)0.00
- Efficient Reward Poisoning Attacks On Online Deep Reinforcement Learning (2022)0.00
- Adversarial Inception Backdoor Attacks Against Reinforcement Learning (2024)0.00
- Snooping Attacks On Deep Reinforcement Learning (2019)2.26
- Black-box Targeted Reward Poisoning Attack Against Online Deep Reinforcement Learning (2023)0.00
- Execute Order 66: Targeted Data Poisoning For Reinforcement Learning (2022)0.00
- Poisoning Deep Reinforcement Learning Agents With In-distribution Triggers (2021)0.00
- Adversarial Policies: Attacking Deep Reinforcement Learning (2019)0.00