Exposing Vulnerabilities in RL: A Novel Stealthy Backdoor Attack through Reward Poisoning
Bokang Zhang, Chaojun Lu, Jianhui Li, Junfeng Wu

TL;DR
This paper introduces a stealthy backdoor attack on reinforcement learning agents that manipulates reward signals to alter policies, posing a significant security threat to RL systems.
Contribution
It presents a novel reward poisoning attack method that stealthily manipulates RL policies with minimal performance impact in non-triggered states.
Findings
High attack success rates in classic control and MuJoCo environments
Minimal performance drops under normal conditions (<5%)
Significant policy manipulation under trigger conditions (over 70%)
Abstract
Reinforcement learning (RL) has achieved remarkable success across diverse domains, enabling autonomous systems to learn and adapt to dynamic environments by optimizing a reward function. However, this reliance on reward signals creates a significant security vulnerability. In this paper, we study a stealthy backdoor attack that manipulates an agent's policy by poisoning its reward signals. The effectiveness of this attack highlights a critical threat to the integrity of deployed RL systems and calls for urgent defenses against training-time manipulation. We evaluate the attack across classic control and MuJoCo environments. The backdoored agent remains highly stealthy in Hopper and Walker2D, with minimal performance drops of only 2.18% and 4.59% under non-triggered scenarios, while achieving strong attack efficacy with up to 82.31% and 71.27% declines under trigger conditions.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Reinforcement Learning in Robotics · Smart Grid Security and Resilience
