Adversarial Attacks to Reward Machine-based Reinforcement Learning
This addresses a security gap for RM-based reinforcement learning systems, which is incremental as it introduces the first analysis in this area.
The paper tackles the lack of security analysis for Reward Machines in reinforcement learning by proposing and evaluating blinding attacks, a novel class of adversarial attacks, to assess their robustness.
In recent years, Reward Machines (RMs) have stood out as a simple yet effective automata-based formalism for exposing and exploiting task structure in reinforcement learning settings. Despite their relevance, little to no attention has been directed to the study of their security implications and robustness to adversarial scenarios, likely due to their recent appearance in the literature. With my thesis, I aim to provide the first analysis of the security of RM-based reinforcement learning techniques, with the hope of motivating further research in the field, and I propose and evaluate a novel class of attacks on RM-based techniques: blinding attacks.