Optimal Attack And Defense For Reinforcement Learning
2023 · Jeremy McMahan, Young Wu, Xiaojin Zhu, et al.
Abstract
To ensure the usefulness of Reinforcement Learning (RL) in real systems, it is crucial to ensure they are robust to noise and adversarial attacks. In adversarial RL, an external attacker has the power to manipulate the victim agent's interaction with the environment. We study the full class of online manipulation attacks, which include (i) state attacks, (ii) observation attacks (which are a generalization of perceived-state attacks), (iii) action attacks, and (iv) reward attacks. We show the attacker's problem of designing a stealthy attack that maximizes its own expected reward, which often corresponds to minimizing the victim's value, is captured by a Markov Decision Process (MDP) that we call a meta-MDP since it is not the true environment but a higher level environment induced by the attacked interaction. We show that the attacker can derive optimal attacks by planning in polynomial time or learning with polynomial sample complexity using standard RL techniques. We argue that the
Related papers
- Learning To Cope With Adversarial Attacks (2019)
- Provably Invincible Adversarial Attacks On Reinforcement Learning Systems: A Rate-distortion Information-theoretic Approach (2025)
- Attacking And Defending Deep Reinforcement Learning Policies (2022)
- Robust Reinforcement Learning On State Observations With Learned Optimal Adversary (2021)
- Who Is The Strongest Enemy? Towards Optimal And Efficient Evasion Attacks In Deep RL (2021)
- Online Robust Policy Learning In The Presence Of Unknown Adversaries (2018)
- Sampling Attacks On Meta Reinforcement Learning: A Minimax Formulation And Complexity Analysis (2022)
- Adversarial Policies: Attacking Deep Reinforcement Learning (2019)