Loading Now

Summary of Sleepernets: Universal Backdoor Poisoning Attacks Against Reinforcement Learning Agents, by Ethan Rathbun et al.


SleeperNets: Universal Backdoor Poisoning Attacks Against Reinforcement Learning Agents

by Ethan Rathbun, Christopher Amato, Alina Oprea

First submitted to arxiv on: 30 May 2024

Categories

  • Main: Machine Learning (cs.LG)
  • Secondary: Cryptography and Security (cs.CR)

     Abstract of paper      PDF of paper


GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

Summary difficulty Written by Summary
High Paper authors High Difficulty Summary
Read the original abstract here
Medium GrooveSquid.com (original content) Medium Difficulty Summary
The paper investigates reinforcement learning (RL) algorithm robustness against backdoor poisoning attacks during training. The authors explore stealthy attacks that induce a specific action when a pre-determined trigger is observed at inference time. They identify theoretical limitations of prior work and formulate a novel attack framework that guarantees success in the limit. To develop a universal backdoor attack, they propose “SleeperNets” using dynamic reward poisoning techniques. The paper evaluates the attack in six environments across multiple domains, demonstrating significant improvements over existing methods while preserving benign episodic return.
Low GrooveSquid.com (original content) Low Difficulty Summary
Reinforcement learning is used to make decisions and control systems in many areas like self-driving cars or healthcare. But it’s vulnerable to attacks that can harm people or things. This paper looks at a sneaky kind of attack called backdoor poisoning, where someone manipulates the training data to make an RL agent do something specific when it sees a certain trigger. The researchers found out what some previous studies got wrong and created a new way to launch this kind of attack that’s really good at making it happen. They tested it in six different situations and showed that their method works better than others, while still keeping the agent from doing bad things.

Keywords

» Artificial intelligence  » Inference  » Reinforcement learning