A Temporal-Pattern Backdoor Attack to Deep Reinforcement Learning

TL;DR

This paper introduces a novel temporal-pattern backdoor attack on deep reinforcement learning that uses sequences of observations as triggers, demonstrating high effectiveness and stealthiness in cloud computing tasks.

Contribution

It proposes a new backdoor attack leveraging temporal constraints in DRL, which is more stealthy and controllable than traditional single-observation triggers.

Findings

Achieves 97.8% clean data accuracy

Attains 97.5% attack success rate

Effective in cloud job scheduling tasks

Abstract

Deep reinforcement learning (DRL) has made significant achievements in many real-world applications. But these real-world applications typically can only provide partial observations for making decisions due to occlusions and noisy sensors. However, partial state observability can be used to hide malicious behaviors for backdoors. In this paper, we explore the sequential nature of DRL and propose a novel temporal-pattern backdoor attack to DRL, whose trigger is a set of temporal constraints on a sequence of observations rather than a single observation, and effect can be kept in a controllable duration rather than in the instant. We validate our proposed backdoor attack to a typical job scheduling task in cloud computing. Numerous experimental results show that our backdoor can achieve excellent effectiveness, stealthiness, and sustainability. Our backdoor's average clean data accuracy and attack success rate can reach 97.8% and 97.5%, respectively.