Data Poisoning Attacks in Contextual Bandits
Ma, Yuzhe, Jun, Kwang-Sung, Li, Lihong, Zhu, Xiaojin
We study offline data poisoning attacks in contextual bandits, a class of reinforcement learning problems with important applications in online recommendation and adaptive medical treatment, among others. We provide a general attack framework based on convex optimization and show that by slightly manipulating rewards in the data, an attacker can force the bandit algorithm to pull a target arm for a target contextual vector. The target arm and target contextual vector are both chosen by the attacker. That is, the attacker can hijack the behavior of a contextual bandit. We also investigate the feasibility and the side effects of such attacks, and identify future directions for defense. Experiments on both synthetic and real-world data demonstrate the efficiency of the attack algorithm.
Aug-23-2018
- Country:
- North America > United States
- Wisconsin > Dane County
- Madison (0.04)
- Washington > King County
- Kirkland (0.04)
- Wisconsin > Dane County
- Europe > United Kingdom
- England > Cambridgeshire > Cambridge (0.04)
- North America > United States
- Genre:
- Research Report (0.82)
- Industry:
- Information Technology > Security & Privacy (1.00)
- Technology: