Beyond Training-time Poisoning: Component-level And Post-training Backdoors In Deep Reinforcement Learning
2025 Β· Sanyam Vyas, Alberto Caron, Chris Hicks, et al.
Abstract
Deep Reinforcement Learning (DRL) systems are increasingly used in safety-critical applications, yet their security remains severely underexplored. This work investigates backdoor attacks, which implant hidden triggers that cause malicious actions only when specific inputs appear in the observation space. Existing DRL backdoor research focuses solely on training-time attacks requiring unrealistic access to the training pipeline. In contrast, we reveal critical vulnerabilities across the DRL supply chain where backdoors can be embedded with significantly reduced adversarial privileges. We introduce two novel attacks: (1) TrojanentRL, which exploits component-level flaws to implant a persistent backdoor that survives full model retraining; and (2) InfrectroRL, a post-training backdoor attack which requires no access to training, validation, nor test data. Empirical and analytical evaluations across six Atari environments show our attacks rival state-of-the-art training-time backdoor atta
Authors
(none)
Tags
Stats
Related papers
- Adversarial Inception Backdoor Attacks Against Reinforcement Learning (2024)0.00
- Trojdrl: Trojan Attacks On Deep Reinforcement Learning Agents (2019)0.00
- Sleepernets: Universal Backdoor Poisoning Attacks Against Reinforcement Learning Agents (2024)0.00
- Efficient Reward Poisoning Attacks On Online Deep Reinforcement Learning (2022)0.00
- Robust Deep Reinforcement Learning Through Adversarial Attacks And Training : A Survey (2024)0.00
- Black-box Targeted Reward Poisoning Attack Against Online Deep Reinforcement Learning (2023)0.00
- Recover Triggered States: Protect Model Against Backdoor Attack In Reinforcement Learning (2023)0.00
- Beware Untrusted Simulators -- Reward-free Backdoor Attacks In Reinforcement Learning (2026)0.00