Understanding The Limits Of Poisoning Attacks In Episodic Reinforcement Learning
2022 Β· Anshuka Rangi, Haifeng Xu, Long Tran-Thanh, et al.
Abstract
To understand the security threats to reinforcement learning (RL) algorithms, this paper studies poisoning attacks to manipulate *any* order-optimal learning algorithm towards a targeted policy in episodic RL and examines the potential damage of two natural types of poisoning attacks, i.e., the manipulation of *reward* and *action*. We discover that the effect of attacks crucially depend on whether the rewards are bounded or unbounded. In bounded reward settings, we show that only reward manipulation or only action manipulation cannot guarantee a successful attack. However, by combining reward and action manipulation, the adversary can manipulate any order-optimal learning algorithm to follow any targeted policy with \(\tilde\{\Theta\}(\sqrt\{T\})\) total attack cost, which is order-optimal, without any knowledge of the underlying MDP. In contrast, in unbounded reward settings, we show that reward manipulation attacks are sufficient for an adversary to successfully manipulate any order
Authors
(none)
Tags
Stats
Related papers
- Reward Poisoning In Reinforcement Learning: Attacks Against Unknown Learners In Unknown Environments (2021)0.00
- Policy Teaching In Reinforcement Learning Via Environment Poisoning Attacks (2020)0.00
- Efficient Reward Poisoning Attacks On Online Deep Reinforcement Learning (2022)0.00
- Online Poisoning Attack Against Reinforcement Learning Under Black-box Environments (2024)0.00
- Black-box Targeted Reward Poisoning Attack Against Online Deep Reinforcement Learning (2023)0.00
- Manipulating Reinforcement Learning: Poisoning Attacks On Cost Signals (2020)0.00
- Vulnerability-aware Poisoning Mechanism For Online RL With Unknown Dynamics (2020)0.00
- Optimal Attack And Defense For Reinforcement Learning (2023)6.34