Efficient Action Poisoning Attacks on Linear Contextual Bandits
This addresses security vulnerabilities in contextual bandit systems, which are used in various applications, representing an incremental advancement in understanding adversarial impacts.
The paper tackles the problem of adversarial attacks on contextual bandit systems by proposing action poisoning attacks that alter the agent's selected actions, showing that these attacks can force the LinUCB algorithm to frequently pull a target arm with only logarithmic cost in both white-box and black-box settings.
Contextual bandit algorithms have many applicants in a variety of scenarios. In order to develop trustworthy contextual bandit systems, understanding the impacts of various adversarial attacks on contextual bandit algorithms is essential. In this paper, we propose a new class of attacks: action poisoning attacks, where an adversary can change the action signal selected by the agent. We design action poisoning attack schemes against linear contextual bandit algorithms in both white-box and black-box settings. We further analyze the cost of the proposed attack strategies for a very popular and widely used bandit algorithm: LinUCB. We show that, in both white-box and black-box settings, the proposed attack schemes can force the LinUCB agent to pull a target arm very frequently by spending only logarithm cost.