Your Room is not Private: Gradient Inversion Attack on Reinforcement
Learning
- URL: http://arxiv.org/abs/2306.09273v2
- Date: Sun, 17 Sep 2023 23:44:58 GMT
- Title: Your Room is not Private: Gradient Inversion Attack on Reinforcement
Learning
- Authors: Miao Li, Wenhao Ding, Ding Zhao
- Abstract summary: Privacy emerges as a pivotal concern within the realm of embodied AI, as the robot accesses substantial personal information.
This paper proposes an attack on value-based and gradient-based reinforcement learning algorithms, using gradient inversion to reconstruct states, actions, and supervision signals.
- Score: 47.96266341738642
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The prominence of embodied Artificial Intelligence (AI), which empowers
robots to navigate, perceive, and engage within virtual environments, has
attracted significant attention, owing to the remarkable advancements in
computer vision and large language models. Privacy emerges as a pivotal concern
within the realm of embodied AI, as the robot accesses substantial personal
information. However, the issue of privacy leakage in embodied AI tasks,
particularly in relation to reinforcement learning algorithms, has not received
adequate consideration in research. This paper aims to address this gap by
proposing an attack on the value-based algorithm and the gradient-based
algorithm, utilizing gradient inversion to reconstruct states, actions, and
supervision signals. The choice of using gradients for the attack is motivated
by the fact that commonly employed federated learning techniques solely utilize
gradients computed based on private user data to optimize models, without
storing or transmitting the data to public servers. Nevertheless, these
gradients contain sufficient information to potentially expose private data. To
validate our approach, we conduct experiments on the AI2THOR simulator and
evaluate our algorithm on active perception, a prevalent task in embodied AI.
The experimental results demonstrate the effectiveness of our method in
successfully reconstructing all information from the data across 120 room
layouts.
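
As context for the abstract's claim that shared gradients alone can expose private data, the sketch below illustrates the basic gradient-inversion recipe: optimize a dummy state and a dummy label until the gradient they induce on the model matches the observed one. This is a minimal illustration in the style of DLG-style inversion, assuming a toy classifier, a 32x32 input, and a soft-label cross-entropy loss; it is not the paper's exact attack, which targets the value-based and gradient-based RL losses on AI2THOR observations.

```python
# Minimal gradient-inversion sketch (DLG-style). The toy network, 32x32 input,
# soft-label cross-entropy loss, and L-BFGS settings are illustrative
# assumptions, not this paper's exact attack on RL losses.
import torch
import torch.nn as nn

torch.manual_seed(0)

# Stand-in for the learner's model (e.g., a small policy/value network).
model = nn.Sequential(nn.Flatten(),
                      nn.Linear(3 * 32 * 32, 128), nn.ReLU(),
                      nn.Linear(128, 4))
criterion = nn.CrossEntropyLoss()

# What a parameter server would observe: a gradient computed on private data.
private_state = torch.rand(1, 3, 32, 32)   # e.g., a rendered room observation
private_action = torch.tensor([2])         # e.g., the action used as supervision
target_grads = [g.detach() for g in torch.autograd.grad(
    criterion(model(private_state), private_action), model.parameters())]

# The attack: optimize dummy data so the gradient it induces matches the target.
dummy_state = torch.rand(1, 3, 32, 32, requires_grad=True)
dummy_logits = torch.randn(1, 4, requires_grad=True)      # soft action/label
optimizer = torch.optim.LBFGS([dummy_state, dummy_logits])

def closure():
    optimizer.zero_grad()
    pred = model(dummy_state)
    # Cross-entropy between the model's prediction and the (soft) dummy label.
    dummy_loss = torch.mean(torch.sum(
        -torch.softmax(dummy_logits, dim=-1) * torch.log_softmax(pred, dim=-1),
        dim=-1))
    dummy_grads = torch.autograd.grad(dummy_loss, model.parameters(),
                                      create_graph=True)
    # Distance between the dummy gradient and the observed private gradient.
    grad_diff = sum(((dg - tg) ** 2).sum()
                    for dg, tg in zip(dummy_grads, target_grads))
    grad_diff.backward()
    return grad_diff

for _ in range(30):
    loss = optimizer.step(closure)

# dummy_state now approximates the private state, and softmax(dummy_logits)
# approximates the private action / supervision signal.
print("final gradient-matching loss:", float(loss))
```

In the federated setting described above, only the observed gradient (here `target_grads`) would ever leave the client, yet the matching loop recovers an approximation of both the input and the supervision signal.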
Related papers
- Technical Report for the Forgotten-by-Design Project: Targeted Obfuscation for Machine Learning [0.03749861135832072]
This paper explores the concept of the Right to be Forgotten (RTBF) within AI systems, contrasting it with traditional data erasure methods.
We introduce Forgotten by Design, a proactive approach to privacy preservation that integrates instance-specific obfuscation techniques.
Our experiments on the CIFAR-10 dataset demonstrate that our techniques reduce privacy risks by at least an order of magnitude while maintaining model accuracy.
arXiv Detail & Related papers (2025-01-20T15:07:59Z)
- Benchmarking Vision Language Model Unlearning via Fictitious Facial Identity Dataset [94.13848736705575]
We introduce Facial Identity Unlearning Benchmark (FIUBench), a novel VLM unlearning benchmark designed to robustly evaluate the effectiveness of unlearning algorithms.
We apply a two-stage evaluation pipeline that is designed to precisely control the sources of information and their exposure levels.
Through the evaluation of four baseline VLM unlearning algorithms within FIUBench, we find that all methods remain limited in their unlearning performance.
arXiv Detail & Related papers (2024-11-05T23:26:10Z)
- Adversarial Machine Unlearning [26.809123658470693]
This paper focuses on the challenge of machine unlearning, aiming to remove the influence of specific training data on machine learning models.
Traditionally, the development of unlearning algorithms runs parallel with that of membership inference attacks (MIA), a type of privacy threat.
We propose a game-theoretic framework that integrates MIAs into the design of unlearning algorithms.
arXiv Detail & Related papers (2024-06-11T20:07:22Z)
- Layer Attack Unlearning: Fast and Accurate Machine Unlearning via Layer Level Attack and Knowledge Distillation [21.587358050012032]
We propose a fast and novel machine unlearning paradigm at the layer level called layer attack unlearning.
In this work, we introduce the Partial-PGD algorithm to locate the samples to forget efficiently.
We also use Knowledge Distillation (KD) to reliably learn the decision boundaries from the teacher.
arXiv Detail & Related papers (2023-12-28T04:38:06Z)
- On Responsible Machine Learning Datasets with Fairness, Privacy, and Regulatory Norms [56.119374302685934]
There have been severe concerns over the trustworthiness of AI technologies.
Machine and deep learning algorithms depend heavily on the data used during their development.
We propose a framework to evaluate the datasets through a responsible rubric.
arXiv Detail & Related papers (2023-10-24T14:01:53Z)
- Human-Centric Multimodal Machine Learning: Recent Advances and Testbed on AI-based Recruitment [66.91538273487379]
There is a certain consensus about the need to develop AI applications with a Human-Centric approach.
Human-Centric Machine Learning needs to be developed based on four main requirements: (i) utility and social good; (ii) privacy and data ownership; (iii) transparency and accountability; and (iv) fairness in AI-driven decision-making processes.
We study how current multimodal algorithms based on heterogeneous sources of information are affected by sensitive elements and inner biases in the data.
arXiv Detail & Related papers (2023-02-13T16:44:44Z)
- Informing Autonomous Deception Systems with Cyber Expert Performance Data [0.0]
This paper explores the potential to use Inverse Reinforcement Learning (IRL) to gain insight into attacker actions, utilities of those actions, and ultimately decision points which cyber deception could thwart.
The Tularosa study, as one example, provides experimental data of real-world techniques and tools commonly used by attackers, from which core data can be leveraged to inform an autonomous cyber defense system.
arXiv Detail & Related papers (2021-08-31T20:28:09Z)
- A Framework for Efficient Robotic Manipulation [79.10407063260473]
We show that, given only 10 demonstrations, a single robotic arm can learn sparse-reward manipulation policies from pixels.
arXiv Detail & Related papers (2020-12-14T22:18:39Z)
- Bias in Multimodal AI: Testbed for Fair Automatic Recruitment [73.85525896663371]
We study how current multimodal algorithms based on heterogeneous sources of information are affected by sensitive elements and inner biases in the data.
We train automatic recruitment algorithms using a set of multimodal synthetic profiles consciously scored with gender and racial biases.
Our methodology and results show how to generate fairer AI-based tools in general, and in particular fairer automated recruitment systems.
arXiv Detail & Related papers (2020-04-15T15:58:05Z)
This list is automatically generated from the titles and abstracts of the papers on this site.
This site does not guarantee the quality of its content (including all information) and is not responsible for any consequences.