2021
DOI: 10.48550/arxiv.2106.07798
Preprint

Poisoning Deep Reinforcement Learning Agents with In-Distribution Triggers

Chace Ashcraft,
Kiran Karra

Abstract: In this paper, we propose a new data poisoning attack and apply it to deep reinforcement learning agents. Our attack centers on what we call in-distribution triggers, which are triggers native to the data distributions the model will be trained on and deployed in. We outline a simple procedure for embedding these, and other, triggers in deep reinforcement learning agents following a multi-task learning paradigm, and demonstrate in three common reinforcement learning environments. We believe that this work has …

Citations: Cited by 1 publication (1 citation statement)
References: References 16 publications (20 reference statements)
“…reinforcement learning [3,6,10,52,73,81,88,114,138,172,191,204], and unsupervised clustering [17,18,41,89,140] or anomaly detection [43,140] algorithms. Furthermore, notable examples of poisoning attacks and defenses have also been shown in computer-security applications dealing with ML, including spam filtering [13,46,57,125,132], network traffic analysis [140], and malware detection [133,146,161], audio [1,90,106,109,192] and video analysis [166,208],…”
Section: Poisoning Attacks and Defenses In Other Domains
Citation type: mentioning
confidence: 99%