Hiding in Plain Sight: Differential Privacy Noise Exploitation for Evasion-resilient Localized Poisoning Attacks in Multiagent Reinforcement Learning
Md Tamjid Hossain, Hung La

TL;DR
This paper uncovers a new poisoning threat in multiagent reinforcement learning that exploits differential privacy noise, demonstrating an attack that hampers learning while evading detection.
Contribution
It introduces PeLPA, an adaptive poisoning attack leveraging DP noise to evade detection and disrupt CMARL convergence, a novel approach in privacy-preserving multiagent systems.
Findings
PeLPA increases steps to goal by over 50% in medium environments.
The attack makes reaching the optimal reward take 1.4 to 1.6 times longer.
PeLPA effectively evades anomaly detection while degrading learning performance.
Abstract
Lately, differential privacy (DP) has been introduced in cooperative multiagent reinforcement learning (CMARL) to safeguard the agents' privacy against adversarial inference during knowledge sharing. Nevertheless, we argue that the noise introduced by DP mechanisms may inadvertently give rise to a novel poisoning threat, specifically in the context of private knowledge sharing during CMARL, which remains unexplored in the literature. To address this shortcoming, we present an adaptive, privacy-exploiting, and evasion-resilient localized poisoning attack (PeLPA) that capitalizes on the inherent DP-noise to circumvent anomaly detection systems and hinder the optimal convergence of the CMARL model. We rigorously evaluate our proposed PeLPA attack in diverse environments, encompassing both non-adversarial and multiple-adversarial contexts. Our findings reveal that, in a medium-scale…
Taxonomy
Topics: Adversarial Robustness in Machine Learning
