Adversarial observations in probabilistic State-Space Models for robust Reinforcement Learning

Santos-Pascual, M., Insua, D. Ríos

arXiv.org Machine Learning 

Machine learning (ML) systems increasingly support decision-making in high-stakes settings such as robotics, autonomous systems, finance, homeland security, and critical infrastructure protection. In these domains, robustness and reliability are essential because failures can translate into physical harm, financial loss, or operational breakdown (García and Fernández, 2015). A recurring weakness is that many ML pipelines implicitly assume that training and deployment data are independent and identically distributed (i.i.d.), even though real deployments often violate this assumption through sensor drift, changing environments, and distribution shift (Quiñonero-Candela et al., 2009). In security-relevant contexts, this problem is amplified because adversaries can deliberately manipulate observations, rewards, or the environment to induce targeted shifts and drive the system toward failure (Barreno et al., 2006; Biggio and Roli, 2018; Vassilev et al., 2024). These concerns motivate the relatively recent field of adversarial machine learning (AML), which studies how malicious perturbations can break learning systems and how to design defenses against them (Biggio and Roli, 2018; Goodfellow, Shlens and Szegedy, 2015).