398 research outputs found
Byzantine Robust Cooperative Multi-Agent Reinforcement Learning as a Bayesian Game
In this study, we explore the robustness of cooperative multi-agent
reinforcement learning (c-MARL) against Byzantine failures, where any agent can
enact arbitrary, worst-case actions due to malfunction or adversarial attack.
To address the uncertainty that any agent can be adversarial, we propose a
Bayesian Adversarial Robust Dec-POMDP (BARDec-POMDP) framework, which views
Byzantine adversaries as nature-dictated types, represented by a separate
transition. This allows agents to learn policies grounded on their posterior
beliefs about the type of other agents, fostering collaboration with identified
allies and minimizing vulnerability to adversarial manipulation. We define the
optimal solution to the BARDec-POMDP as an ex post robust Bayesian Markov
perfect equilibrium, which we prove to exist and to weakly dominate the
equilibrium of previous robust MARL approaches. To realize this equilibrium, we
put forward a two-timescale actor-critic algorithm with almost sure convergence
under specific conditions. Experimentation on matrix games, level-based
foraging and StarCraft II indicates that, even under worst-case perturbations,
our method successfully acquires intricate micromanagement skills and
adaptively aligns with allies, demonstrating resilience against non-oblivious
adversaries, random allies, observation-based attacks, and transfer-based
attacks.
Finding Needles in a Moving Haystack: Prioritizing Alerts with Adversarial Reinforcement Learning
Detection of malicious behavior is a fundamental problem in security. One of
the major challenges in using detection systems in practice is in dealing with
an overwhelming number of alerts that are triggered by normal behavior (the
so-called false positives), obscuring alerts resulting from actual malicious
activity. While numerous methods for reducing the scope of this issue have been
proposed, ultimately one must still decide how to prioritize which alerts to
investigate, and most existing prioritization methods are heuristic, for
example, based on suspiciousness or priority scores. We introduce a novel
approach for computing a policy for prioritizing alerts using adversarial
reinforcement learning. Our approach assumes that the attackers know the full
state of the detection system and dynamically choose an optimal attack as a
function of this state, as well as of the alert prioritization policy. The
first step of our approach is to capture the interaction between the defender
and attacker in a game theoretic model. To tackle the computational complexity
of solving this game to obtain a dynamic stochastic alert prioritization
policy, we propose an adversarial reinforcement learning framework. In this
framework, we use neural reinforcement learning to compute best response
policies for both the defender and the adversary to an arbitrary stochastic
policy of the other. We then use these in a double-oracle framework to obtain
an approximate equilibrium of the game, which in turn yields a robust
stochastic policy for the defender. Extensive experiments using case studies in
fraud and intrusion detection demonstrate that our approach is effective in
creating robust alert prioritization policies.
Adversarial Reprogramming of Text Classification Neural Networks
Adversarial Reprogramming has demonstrated success in utilizing pre-trained
neural network classifiers for alternative classification tasks without
modification to the original network. An adversary in such an attack scenario
trains an additive contribution to the inputs to repurpose the neural network
for the new classification task. While this reprogramming approach works for
neural networks with a continuous input space such as that of images, it is not
directly applicable to neural networks trained for tasks such as text
classification, where the input space is discrete. Repurposing such
classification networks would require the attacker to learn an adversarial
program that maps inputs from one discrete space to the other. In this work, we
introduce a context-based vocabulary remapping model to reprogram neural
networks trained on a specific sequence classification task for a new sequence
classification task desired by the adversary. We propose training procedures
for this adversarial program in both white-box and black-box settings. We
demonstrate the application of our model by adversarially repurposing various
text-classification models including LSTM, bi-directional LSTM and CNN for
alternate classification tasks.