Adversarial Attacks Against Reinforcement Learning-Based Portfolio Management Strategy

Chen, Yuying; Chen, Chiao-Ting; Sang, Chuan-Yun; Yang, Yao-Chun; Huang, Szu-Hao

doi:10.1109/access.2021.3068768

Cited by 12 publications

(4 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This focuses on the area includes the robustification of Deep RL algorithms against poisoning and evasion attacks that aim to attack the algorithmic functionalities of the automated agent. While very low number of publications have focused on such attacks for Deep RL algorithms, it is evident that the future cyber attackers will implement such attacks in the future through Deep RL and neural network based research within other domains [14,26,108,130]. If this challenge is not addressed, future networked systems could be vulnerable to algorithmic attacks that could potentially take control of the automated blue agent, and eventually the entire network.…”

Section: Challenges and Their Importancementioning

confidence: 99%

Automated Cyber Defence: A Review

Vyas¹,

Hannay²,

Bolton³

et al. 2023

Preprint

View full text Add to dashboard Cite

Within recent times, cybercriminals have curated a variety of organised and resolute cyber attacks within a range of cyber systems, leading to consequential ramifications to private and governmental institutions. Current security-based automation and orchestrations focus on automating fixed purpose and hard-coded solutions, which are easily surpassed by modern-day cyber attacks. Research within Automated Cyber Defence will allow the development and enabling intelligence response by autonomously defending networked systems through sequential decision-making agents. This article comprehensively elaborates the developments within Automated Cyber Defence through a requirement analysis divided into two sub-areas, namely, automated defence and attack agents and Autonomous Cyber Operation (ACO) Gyms. The requirement analysis allows the comparison of automated agents and highlights the importance of ACO Gyms for their continual development. The requirement analysis is also used to critique ACO Gyms with an overall aim to develop them for deploying automated agents within real-world networked systems. Relevant future challenges were addressed from the overall analysis to accelerate development within the area of Automated Cyber Defence.

show abstract

Section: Challenges and Their Importancementioning

confidence: 99%

Automated Cyber Defence: A Review

Vyas¹,

Hannay²,

Bolton³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…Hence, it is imperative to study RL under an adversarial environment. In the last five years, there is a surge in terms of the number of papers that studies the security issues of RL [104,105,106,107,108,109,110,111,112,113,114,115,116,117]. The vulnerabilities of RL comes from the information exchange between the agent and the environment.…”

Section: Reinforcement Learning In Adversarial Environmentmentioning

confidence: 99%

Reinforcement Learning for Feedback-Enabled Cyber Resilience

Huang¹,

Huang²,

Zhu³

2021

Preprint

View full text Add to dashboard Cite

The rapid growth in the number of devices and their connectivity has enlarged the attack surface and made cyber systems more vulnerable. As attackers become increasingly sophisticated and resourceful, mere reliance on traditional cyber protection, such as intrusion detection, firewalls, and encryption, is insufficient to secure the cyber systems. Cyber resilience provides a new security paradigm that complements inadequate protection with resilience mechanisms. A Cyber-Resilient Mechanism (CRM) adapts to the known or zero-day threats and uncertainties in real-time and strategically responds to them to maintain the critical functions of the cyber systems in the event of successful attacks. Feedback architectures play a pivotal role in enabling the online sensing, reasoning, and actuation process of the CRM. Reinforcement Learning (RL) is an important class of algorithms that epitomize the feedback architectures for cyber resiliency. It allows the CRM to provide dynamic and sequential responses to attacks with limited or without prior knowledge of the environment and the attacker. In this work, we review the literature on RL for cyber resiliency and discuss the cyber-resilient defenses against three major types of vulnerabilities, i.e., posture-related, information-related, and human-related vulnerabilities. We introduce moving target defense, defensive cyber deception, and assistive human security technologies as three application domains of CRMs to elaborate on their designs. The RL algorithms also have vulnerabilities themselves. We explain the major vulnerabilities of RL and present works that develop several attack models, in which the attacks target the rewards, the state observations, and the action commands. We show that the attacker can trick the RL agent into learning a nefarious policy with minimum attacking effort. We discuss the potential defense methods to secure them and find that there is a lack of works focusing on the defensive mechanisms for RL-enabled systems. Finally, we discuss the future challenges of RL for cyber security and resiliency and emerging applications of RL-based CRMs.

show abstract

“…Without consistent or accurate feedback from the environment, the agent can either fail to learn an implementable control policy or be tricked into a 'nefarious' control policy favored by the adversaries. In the last five years, there is a surge in the number of research studies that focus on the security threats faced by RL with discrete state space [13], [16]- [23]. Very few if not none of these studies have investigated the security threats to RL-enabled control systems, which often comes with continuous state and action spaces.…”

Section: Introductionmentioning

confidence: 99%

“…Related works: There is a recent trend in studying security threats faced by RL algorithms [13], [16]- [23], [28]. These studies approach the security threats faced by Rl algorithms through two different vulnerable targets: attacks on the reward or cost signals [13], [18], [19], [21], [23], attacks on the state sensing [15], [20], [22].…”

Section: Introductionmentioning

confidence: 99%

Reinforcement Learning for Linear Quadratic Control is Vulnerable Under Cost Manipulation

Huang¹,

Zhu²

2022

Preprint

View full text Add to dashboard Cite

In this work, we study the deception of a Linear-Quadratic-Gaussian (LQG) agent by manipulating the cost signals. We show that a small falsification on the cost parameters will only lead to a bounded change in the optimal policy and the bound is linear on the amount of falsification the attacker can apply on the cost parameters. We propose an attack model where the goal of the attacker is to mislead the agent into learning a 'nefarious' policy with intended falsification on the cost parameters. We formulate the attack's problem as an optimization problem, which is proved to be convex, and developed necessary and sufficient conditions to check the achievability of the attacker's goal.We showcase the adversarial manipulation on two types of LQG learners: the batch RL learner and the other is the adaptive dynamic programming (ADP) learner. Our results demonstrate that with only 2.296% of falsification on the cost data, the attacker misleads the batch RL into learning the 'nefarious' policy that leads the vehicle to a dangerous position. The attacker can also gradually trick the ADP learner into learning the same 'nefarious' policy by consistently feeding the learner a falsified cost signal that stays close to the true cost signal. The aim of the paper is to raise people's awareness of the security threats faced by RL-enabled control systems.

show abstract

Adversarial Attacks Against Reinforcement Learning-Based Portfolio Management Strategy

Cited by 12 publications

References 25 publications

Automated Cyber Defence: A Review

Automated Cyber Defence: A Review

Reinforcement Learning for Feedback-Enabled Cyber Resilience

Reinforcement Learning for Linear Quadratic Control is Vulnerable Under Cost Manipulation

Contact Info

Product

Resources

About