Summary of Preference Poisoning Attacks on Reward Model Learning, by Junlin Wu et al.
Preference Poisoning Attacks on Reward Model Learning
by Junlin Wu, Jiongxiao Wang, Chaowei Xiao, Chenguang Wang, Ning Zhang, Yevgeniy Vorobeychik
First submitted to arxiv on: 2 Feb 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Artificial Intelligence (cs.AI); Computation and Language (cs.CL)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
Summary difficulty | Written by | Summary |
---|---|---|
High | Paper authors | The paper's original abstract (linked from the source page rather than reproduced) |
Medium | GrooveSquid.com (original content) | This paper studies how vulnerable reward models learned from pairwise comparisons are to data poisoning. The threat model is an attacker who can flip the labels of a small subset of the preference comparisons in order to promote or demote a chosen target outcome. The authors propose two classes of attack algorithms: a gradient-based framework and several variants of rank-by-distance methods. They evaluate the attacks on datasets from three domains: autonomous control, recommendation systems, and textual prompt-response preference learning. The best attacks can be highly successful, reaching as much as a 100% success rate with only 0.3% of the data poisoned. Which attack works best, however, varies across domains. |
Low | GrooveSquid.com (original content) | Many systems learn what people want by showing pairs of options and recording which one was preferred. This paper asks what happens when someone tampers with those recorded preferences. The authors show that flipping a small number of them can steer the learned reward model toward (or away from) an outcome the attacker chooses. They present two ways of picking which preferences to flip: one uses gradients of the model, the other ranks the comparisons by a distance measure and flips the top-ranked ones. They test the attacks on three kinds of data: autonomous control (such as robots), making recommendations, and judging text responses to prompts. Sometimes a tiny amount of tampered data is enough to make the model do what the attacker wants. |
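The summaries above describe the attack in words only. The following is an added, self-contained illustration (not code from the paper or its authors) of the threat model: a linear Bradley-Terry reward model fitted to pairwise comparisons, and an attacker who flips a small budget of labels to promote one target item. The data are constructed (8 items, a "quality" feature that carries all true reward, and a "style" flag only the target has), `numpy` is assumed to be installed, and the attack is a simplified first-order gain heuristic in the spirit of the gradient-based family, not the authors' actual algorithm or their rank-by-distance variants.

```python
"""Preference-flip poisoning of a Bradley-Terry reward model.

Illustrative example only; not the paper's code. Items have feature
vectors, the reward is r(x) = w . x, and a comparison is (a, b, y) with
y = 1 meaning "a is preferred to b". The attacker flips the labels of
`budget` comparisons so that a chosen target item is ranked higher.
"""
import numpy as np


def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))


def make_dataset():
    # Constructed toy data. Feature 0 ("quality") fully determines the true
    # reward; feature 1 ("style") is a flag that only item 0, the target, has,
    # and it carries no real reward.
    quality = np.array([0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.8])
    style = np.array([1.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0, 0.0])
    X = np.stack([quality, style], axis=1)
    w_true = np.array([1.0, 0.0])
    r_true = X @ w_true
    # All pairs (a < b), labelled by the true reward: 28 clean comparisons.
    comps = [(a, b, int(r_true[a] > r_true[b]))
             for a in range(len(X)) for b in range(a + 1, len(X))]
    return X, comps


def train_reward_model(X, comps, steps=4000, lr=1.0, l2=1e-3):
    # Bradley-Terry model = logistic regression on feature differences,
    # fitted by full-batch gradient descent with a small L2 penalty.
    A = np.array([c[0] for c in comps])
    B = np.array([c[1] for c in comps])
    Y = np.array([c[2] for c in comps], dtype=float)
    D = X[A] - X[B]
    w = np.zeros(X.shape[1])
    for _ in range(steps):
        grad = D.T @ (sigmoid(D @ w) - Y) / len(Y) + 2 * l2 * w
        w -= lr * grad
    return w


def rank_of(X, w, item):
    # 1 = highest learned reward, len(X) = lowest.
    scores = X @ w
    return 1 + int(np.sum(scores > scores[item]))


def promote_target_attack(X, comps, target, budget):
    # First-order heuristic (an assumption of this example, not the paper's
    # method). Flipping y_k changes the loss gradient by (2*y_k - 1) * d_k, so
    # one descent step moves w by roughly -(2*y_k - 1) * d_k. To push the
    # target above the crowd we want w to grow along v = x_target - mean(x),
    # so the gain of a flip is -(2*y_k - 1) * (d_k . v). Flip the top `budget`.
    v = X[target] - X.mean(axis=0)
    gains = []
    for k, (a, b, y) in enumerate(comps):
        d = X[a] - X[b]
        gains.append((-(2 * y - 1) * float(d @ v), k))
    gains.sort(reverse=True)
    flip = {k for _, k in gains[:budget]}
    poisoned = [(a, b, 1 - y) if k in flip else (a, b, y)
                for k, (a, b, y) in enumerate(comps)]
    return poisoned, sorted(flip)


def run_experiment(budget=3):
    X, comps = make_dataset()
    target = 0  # the item with the lowest true quality
    w_clean = train_reward_model(X, comps)
    poisoned, flipped = promote_target_attack(X, comps, target, budget)
    w_pois = train_reward_model(X, poisoned)
    return {
        "n_comparisons": len(comps),
        "flipped": flipped,
        "clean_rank": rank_of(X, w_clean, target),
        "poisoned_rank": rank_of(X, w_pois, target),
        "all_flips_involve_target": all(target in comps[k][:2] for k in flipped),
    }


if __name__ == "__main__":
    print(run_experiment())
```

With the clean labels the target is ranked last (8 of 8). Flipping only 3 of the 28 comparisons moves it into the upper half, because the "style" feature is constrained by nothing except the target's own comparisons, so a few contradictory labels are enough to make the model assign that feature a large weight. The heuristic ignores the retraining's second-order effects and is only a proxy for what the paper's gradient-based framework optimises; note, for defenders, that every chosen flip involves the target item, so a cluster of label disagreements concentrated on one outcome is a natural thing to audit before training.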
Keywords
- Artificial intelligence
- Machine learning
- Prompt