TY - JOUR
T1 - A Temporal-Pattern Backdoor Attack to Deep Reinforcement Learning
AU - Yu, Yinbo
AU - Liu, Jiajia
AU - Li, Shouqing
AU - Huang, Kepu
AU - Feng, Xudong
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Deep reinforcement learning (DRL) has made sig-nificant achievements in many real-world applications. But these real-world applications typically can only provide partial ob-servations for making decisions due to occlusions and noisy sensors. However, partial state observability can be used to hide malicious behaviors for backdoors. In this paper, we explore the sequential nature of DRL and propose a novel temporal-pattern backdoor attack to DRL, whose trigger is a set of temporal constraints on a sequence of observations rather than a single observation, and effect can be kept in a controllable duration rather than in the instant. We validate our proposed backdoor attack to a typical job scheduling task in cloud computing. Numerous experimental results show that our backdoor can achieve excellent effectiveness, stealthiness, and sustainability. Our backdoor's average clean data accuracy and attack success rate can reach 97.8% and 97.5%, respectively.
AB - Deep reinforcement learning (DRL) has made sig-nificant achievements in many real-world applications. But these real-world applications typically can only provide partial ob-servations for making decisions due to occlusions and noisy sensors. However, partial state observability can be used to hide malicious behaviors for backdoors. In this paper, we explore the sequential nature of DRL and propose a novel temporal-pattern backdoor attack to DRL, whose trigger is a set of temporal constraints on a sequence of observations rather than a single observation, and effect can be kept in a controllable duration rather than in the instant. We validate our proposed backdoor attack to a typical job scheduling task in cloud computing. Numerous experimental results show that our backdoor can achieve excellent effectiveness, stealthiness, and sustainability. Our backdoor's average clean data accuracy and attack success rate can reach 97.8% and 97.5%, respectively.
KW - Backdoor attack
KW - deep reinforcement learning
KW - temporal feature
UR - http://www.scopus.com/inward/record.url?scp=85143680739&partnerID=8YFLogxK
U2 - 10.1109/GLOBECOM48099.2022.10000751
DO - 10.1109/GLOBECOM48099.2022.10000751
M3 - 会议文章
AN - SCOPUS:85143680739
SN - 2334-0983
SP - 2710
EP - 2715
JO - Proceedings - IEEE Global Communications Conference, GLOBECOM
JF - Proceedings - IEEE Global Communications Conference, GLOBECOM
T2 - 2022 IEEE Global Communications Conference, GLOBECOM 2022
Y2 - 4 December 2022 through 8 December 2022
ER -