Reinforcement Learning for Linear Quadratic Control is Vulnerable Under Cost Manipulation

Abstract: In this work, we study the deception of a Linear-Quadratic-Gaussian (LQG) agent by manipulating the cost signals. We show that a small falsification on the cost parameters will only lead to a bounded change in the optimal policy and the bound is linear on the amount of falsification the attacker can apply on the cost parameters. We propose an attack model where the goal of the attacker is to mislead the agent into learning a 'nefarious' policy with intended falsification on the cost parameters. We formulate th… Show more

“…Understanding these attacks and developing countermeasures to guarantee the safety of the systems are critical [12]. Previous works have explored policy poisoning attacks occurring via manipulation of the system's cost measurements in a discrete-time control system [13], [14]. Our work focuses on the case of policy poisoning through sensor data manipulation on a batch-learning agent in the continuous-time setting, which we believe to be a more realistic and applicable attack scenario.…”

Policy Poisoning in Batch Learning for Linear Quadratic Control Systems via State Manipulation

“…Understanding these attacks and developing countermeasures to guarantee the safety of the systems are critical [12]. Previous works have explored policy poisoning attacks occurring via manipulation of the system's cost measurements in a discrete-time control system [13], [14]. Our work focuses on the case of policy poisoning through sensor data manipulation on a batch-learning agent in the continuous-time setting, which we believe to be a more realistic and applicable attack scenario.…”

Policy Poisoning in Batch Learning for Linear Quadratic Control Systems via State Manipulation