Where Did You Learn That From? Surprising Effectiveness of Membership
Inference Attacks Against Temporally Correlated Data in Deep Reinforcement
Learning
- URL: http://arxiv.org/abs/2109.03975v1
- Date: Wed, 8 Sep 2021 23:44:57 GMT
- Title: Where Did You Learn That From? Surprising Effectiveness of Membership
Inference Attacks Against Temporally Correlated Data in Deep Reinforcement
Learning
- Authors: Maziar Gomrokchi, Susan Amin, Hossein Aboutalebi, Alexander Wong,
Doina Precup
- Abstract summary: A major challenge to widespread industrial adoption of deep reinforcement learning is the potential vulnerability to privacy breaches.
We propose an adversarial attack framework tailored for testing the vulnerability of deep reinforcement learning algorithms to membership inference attacks.
- Score: 114.9857000195174
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: While significant research advances have been made in the field of deep
reinforcement learning, a major challenge to its widespread industrial adoption,
one that has recently surfaced but remains little explored, is the potential
vulnerability to privacy breaches. In particular, the literature contains no
concrete adversarial attack strategies tailored for studying the vulnerability
of deep reinforcement learning algorithms to membership inference attacks. To
address this gap, we propose an adversarial attack
framework tailored for testing the vulnerability of deep reinforcement learning
algorithms to membership inference attacks. More specifically, we design a
series of experiments to investigate the impact of temporal correlation, which
naturally exists in reinforcement learning training data, on the probability of
information leakage. Furthermore, we study the differences in the performance
of \emph{collective} and \emph{individual} membership attacks against deep
reinforcement learning algorithms. Experimental results show that the proposed
adversarial attack framework is surprisingly effective at inferring the data
used during deep reinforcement learning training, with an accuracy exceeding $84\%$ in
individual and $97\%$ in collective mode on two different control tasks in
OpenAI Gym, which raises serious privacy concerns in the deployment of models
resulting from deep reinforcement learning. Moreover, we show that the learning
state of a reinforcement learning algorithm significantly influences the level
of the privacy breach.
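To make the attack setting concrete, below is a minimal sketch of a shadow-model-style membership inference attacker over RL trajectories, assuming trajectories are lists of (state, action, reward) steps with known member/non-member labels obtained from shadow training runs; the trajectory_features helper and all parameter choices are hypothetical, and this is an illustration of the general setting rather than the authors' implementation. The individual mode scores one trajectory; the collective mode aggregates scores over a batch.

```python
# Minimal sketch of trajectory-level membership inference against a deep RL agent.
# Assumptions: shadow policies provide trajectories with known member/non-member
# labels; each trajectory is a list of (state, action, reward) tuples with
# fixed-size state vectors. Not the paper's implementation.
import numpy as np
from sklearn.ensemble import RandomForestClassifier

def trajectory_features(trajectory):
    """Hypothetical featurizer: summary statistics over the trajectory's steps."""
    states, actions, rewards = zip(*trajectory)
    s = np.asarray(states, dtype=float)
    return np.concatenate([
        s.mean(axis=0), s.std(axis=0),                        # per-dimension state statistics
        [np.mean(rewards), np.sum(rewards), len(trajectory)],  # return and length summaries
    ])

def fit_attack_model(member_trajs, nonmember_trajs):
    """Train a binary attack classifier on shadow-model trajectories."""
    X = np.stack([trajectory_features(t) for t in member_trajs + nonmember_trajs])
    y = np.array([1] * len(member_trajs) + [0] * len(nonmember_trajs))
    return RandomForestClassifier(n_estimators=200, random_state=0).fit(X, y)

def individual_attack(attacker, trajectory):
    """Individual mode: membership score for a single trajectory."""
    return attacker.predict_proba(trajectory_features(trajectory)[None, :])[0, 1]

def collective_attack(attacker, trajectories):
    """Collective mode: aggregate per-trajectory scores over a batch."""
    return float(np.mean([individual_attack(attacker, t) for t in trajectories]))
```

The abstract's focus on temporal correlation motivates operating on whole trajectories rather than on i.i.d. samples; in this sketch that is reflected, simplistically, by treating each trajectory as a single unit to be featurized and scored.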
Related papers
- FEDLAD: Federated Evaluation of Deep Leakage Attacks and Defenses [50.921333548391345]
Federated Learning is a privacy-preserving, decentralized machine learning paradigm.
Recent research has revealed that private ground truth data can be recovered through a gradient technique known as Deep Leakage.
This paper introduces the FEDLAD Framework (Federated Evaluation of Deep Leakage Attacks and Defenses), a comprehensive benchmark for evaluating Deep Leakage attacks and defenses.
arXiv Detail & Related papers (2024-11-05T11:42:26Z)
- PGN: A perturbation generation network against deep reinforcement learning [8.546103661706391]
We propose a novel generative model for creating effective adversarial examples to attack the agent.
Considering the specificity of deep reinforcement learning, we propose the action consistency ratio as a measure of stealthiness.
arXiv Detail & Related papers (2023-12-20T10:40:41Z)
- Adversarial Robustness Unhardening via Backdoor Attacks in Federated Learning [13.12397828096428]
Adversarial Robustness Unhardening (ARU) is employed by a subset of adversaries to intentionally undermine model robustness during decentralized training.
We present empirical experiments evaluating ARU's impact on adversarial training and existing robust aggregation defenses against poisoning and backdoor attacks.
arXiv Detail & Related papers (2023-10-17T21:38:41Z)
- Protecting Split Learning by Potential Energy Loss [70.81375125791979]
We focus on the privacy leakage from the forward embeddings of split learning.
We propose the potential energy loss to make the forward embeddings more 'complicated'.
arXiv Detail & Related papers (2022-10-18T06:21:11Z)
- Improving robustness of jet tagging algorithms with adversarial training [56.79800815519762]
We investigate the vulnerability of flavor tagging algorithms via application of adversarial attacks.
We present an adversarial training strategy that mitigates the impact of such simulated attacks.
arXiv Detail & Related papers (2022-03-25T19:57:19Z)
- Interpretable and Effective Reinforcement Learning for Attacking against Graph-based Rumor Detection [12.726403718158082]
Social networks are polluted by rumors, which can be detected by machine learning models.
Certain vulnerabilities are due to dependencies on the graphs and suspiciousness ranking.
With a black-box detector, we design features capturing these dependencies to allow a reinforcement learning agent to learn an effective and interpretable attack policy.
arXiv Detail & Related papers (2022-01-15T10:06:29Z)
- Curse or Redemption? How Data Heterogeneity Affects the Robustness of Federated Learning [51.15273664903583]
Data heterogeneity has been identified as one of the key features of federated learning, but it is often overlooked through the lens of robustness to adversarial attacks.
This paper focuses on characterizing and understanding its impact on backdooring attacks in federated learning through comprehensive experiments using synthetic and LEAF benchmarks.
arXiv Detail & Related papers (2021-02-01T06:06:21Z)
- Sampling Attacks: Amplification of Membership Inference Attacks by Repeated Queries [74.59376038272661]
We introduce the sampling attack, a novel membership inference technique that, unlike other standard membership adversaries, works under the severe restriction of having no access to the victim model's scores.
We show that a victim model that publishes only labels is still susceptible to sampling attacks, and that the adversary can recover up to 100% of its performance; a rough sketch of this label-only setting follows this entry.
For defense, we choose differential privacy in the form of gradient perturbation during the training of the victim model as well as output perturbation at prediction time.
arXiv Detail & Related papers (2020-09-01T12:54:54Z)
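As a rough illustration of the label-only setting described in the entry above, the sketch below repeatedly queries a victim model on small Gaussian perturbations of a candidate input and uses the fraction of stable predicted labels as a membership score, following the common intuition that training members tend to sit farther from the decision boundary; query_label, sigma, and n_queries are hypothetical names and parameters, and this is not the paper's exact procedure.

```python
# Sketch of a label-only membership score obtained via repeated perturbed queries.
# Illustration of the general idea only; names and parameters are hypothetical.
import numpy as np

def label_only_membership_score(query_label, x, candidate_label,
                                n_queries=50, sigma=0.05, seed=0):
    """query_label(x) -> predicted class. Returns the fraction of noisy copies
    of x whose predicted label still matches candidate_label."""
    rng = np.random.default_rng(seed)
    hits = 0
    for _ in range(n_queries):
        x_noisy = x + sigma * rng.standard_normal(x.shape)  # repeated perturbed query
        if query_label(x_noisy) == candidate_label:
            hits += 1
    return hits / n_queries  # higher label stability suggests membership
```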