Data Poisoning Attacks on Stochastic Bandits

TL;DR

This paper investigates adversarial attacks on stochastic bandit algorithms, revealing vulnerabilities where attackers can manipulate rewards to hijack decision-making with minimal cost, posing security risks.

Contribution

It introduces a framework for offline and online attacks on bandit algorithms, including an adaptive attack strategy effective against any bandit algorithm.

Findings

Attacker can force bandits to choose a target arm with high probability.

Adaptive attack causes linear regret with logarithmic attacker cost.

Reveals significant security vulnerabilities in stochastic bandit algorithms.

Abstract

Stochastic multi-armed bandits form a class of online learning problems that have important applications in online recommendation systems, adaptive medical treatment, and many others. Even though potential attacks against these learning algorithms may hijack their behavior, causing catastrophic loss in real-world applications, little is known about adversarial attacks on bandit algorithms. In this paper, we propose a framework of offline attacks on bandit algorithms and study convex optimization based attacks on several popular bandit algorithms. We show that the attacker can force the bandit algorithm to pull a target arm with high probability by a slight manipulation of the rewards in the data. Then we study a form of online attacks on bandit algorithms and propose an adaptive attack strategy against any bandit algorithm without the knowledge of the bandit algorithm. Our adaptive attack strategy can hijack the behavior of the bandit algorithm to suffer a linear regret with only a logarithmic cost to the attacker. Our results demonstrate a significant security threat to stochastic bandits.