Sequential Triggers for Watermarking of Deep Reinforcement Learning Policies
This addresses the issue of unauthorized replication and control of DRL policies for developers and owners, though it is incremental as it builds on existing watermarking concepts applied to a new domain.
The paper tackles the problem of protecting proprietary Deep Reinforcement Learning policies by proposing a watermarking scheme that embeds a unique identifier through specific state transition sequences, with minimal impact on policy performance, demonstrated in the Cartpole environment using a DQN policy.
This paper proposes a novel scheme for the watermarking of Deep Reinforcement Learning (DRL) policies. This scheme provides a mechanism for the integration of a unique identifier within the policy in the form of its response to a designated sequence of state transitions, while incurring minimal impact on the nominal performance of the policy. The applications of this watermarking scheme include detection of unauthorized replications of proprietary policies, as well as enabling the graceful interruption or termination of DRL activities by authorized entities. We demonstrate the feasibility of our proposal via experimental evaluation of watermarking a DQN policy trained in the Cartpole environment.