Black-Box Targeted Reward Poisoning Attack Against Online Deep Reinforcement Learning
This addresses security vulnerabilities in DRL systems, posing a threat to applications like autonomous systems, but it is incremental as it builds on existing attack frameworks.
The authors tackled the problem of targeted reward poisoning attacks against online deep reinforcement learning, proposing a black-box method that efficiently leads agents to various target policies with limited budgets, as verified experimentally across diverse environments and state-of-the-art learners.
We propose the first black-box targeted attack against online deep reinforcement learning through reward poisoning during training time. Our attack is applicable to general environments with unknown dynamics learned by unknown algorithms and requires limited attack budgets and computational resources. We leverage a general framework and find conditions to ensure efficient attack under a general assumption of the learning algorithms. We show that our attack is optimal in our framework under the conditions. We experimentally verify that with limited budgets, our attack efficiently leads the learning agent to various target policies under a diverse set of popular DRL environments and state-of-the-art learners.