Summary of SleeperNets: Universal Backdoor Poisoning Attacks Against Reinforcement Learning Agents, by Ethan Rathbun et al.
SleeperNets: Universal Backdoor Poisoning Attacks Against Reinforcement Learning Agents
by Ethan Rathbun, Christopher Amato, Alina Oprea
First submitted to arXiv on: 30 May 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | See the paper's original abstract. |
| Medium | GrooveSquid.com (original content) | The paper investigates how robust reinforcement learning (RL) algorithms are against backdoor poisoning attacks during training. The authors explore stealthy attacks that induce a specific action when a pre-determined trigger is observed at inference time. They identify theoretical limitations of prior work and formulate a novel attack framework that guarantees success in the limit. To develop a universal backdoor attack, they propose “SleeperNets”, which uses dynamic reward poisoning techniques. The paper evaluates the attack in six environments across multiple domains, demonstrating significant improvements over existing methods while preserving benign episodic return. |
| Low | GrooveSquid.com (original content) | Reinforcement learning is used to make decisions and control systems in many areas like self-driving cars or healthcare. But it’s vulnerable to attacks that can harm people or things. This paper looks at a sneaky kind of attack called backdoor poisoning, where someone manipulates the training data to make an RL agent do something specific when it sees a certain trigger. The researchers found out what some previous studies got wrong and created a new version of this attack that succeeds more reliably. They tested it in six different situations and showed that their method works better than others, while the agent still performs well on its normal task when the trigger is absent. |
Keywords
Artificial intelligence, Inference, Reinforcement learning