
Security and Privacy Issues in Deep Reinforcement Learning: Threats and Countermeasures

Published: 23 February 2024

Abstract

Deep Reinforcement Learning (DRL) is an essential subfield of Artificial Intelligence (AI), where agents interact with environments to learn policies for solving complex tasks. In recent years, DRL has achieved remarkable breakthroughs in various tasks, including video games, robotic control, quantitative trading, and autonomous driving. Despite its accomplishments, security and privacy-related issues still prevent us from deploying trustworthy DRL applications. For example, by manipulating the environment, an attacker can influence an agent’s actions, misleading it to behave abnormally. Additionally, an attacker can infer private training data and environmental information by maliciously interacting with DRL models, causing a privacy breach. In this survey, we systematically investigate the recent progress of security and privacy issues in the context of DRL. First, we present a holistic review of security-related attacks within DRL systems from the perspectives of single-agent and multi-agent systems and review privacy-related attacks. Second, we review and classify defense methods used to address security-related challenges, including robust learning, anomaly detection, and game theory approaches. Third, we review and classify privacy-preserving technologies, including encryption, differential privacy, and policy confusion. We conclude the survey by discussing open issues and possible directions for future research in this field.
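To make the observation-manipulation threat mentioned above concrete, the following is a minimal, hypothetical sketch (not taken from the survey) of an FGSM-style perturbation of the state a trained policy observes: a small, bounded change to the input can be enough to flip the action the agent selects. The two-layer policy network, the epsilon bound, and the CartPole-sized state are illustrative assumptions, not the paper's experimental setup.

```python
import torch
import torch.nn as nn
import torch.nn.functional as F

# Stand-in for a victim agent's trained network over a 4-dimensional state
# (e.g., CartPole) with two discrete actions; in practice this would be a
# trained DQN or actor network.
policy = nn.Sequential(
    nn.Linear(4, 64), nn.ReLU(),
    nn.Linear(64, 2),
)

def fgsm_observation_attack(obs: torch.Tensor, epsilon: float = 0.05) -> torch.Tensor:
    """Perturb an observation within an L-infinity ball of radius epsilon."""
    obs = obs.clone().detach().requires_grad_(True)
    logits = policy(obs)
    clean_action = logits.argmax(dim=-1)          # action the agent would take
    # Ascend the gradient of the loss w.r.t. the observation so the policy's
    # confidence in its original action drops.
    loss = F.cross_entropy(logits, clean_action)
    loss.backward()
    return (obs + epsilon * obs.grad.sign()).detach()

obs = torch.randn(1, 4)
adv_obs = fgsm_observation_attack(obs)
print("clean action:  ", policy(obs).argmax(dim=-1).item())
print("attacked action:", policy(adv_obs).argmax(dim=-1).item())  # may differ
```

Defenses surveyed in the paper, such as robust learning and anomaly detection, aim precisely to keep the chosen action stable (or to flag the input) under this kind of bounded perturbation.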

Published in

ACM Computing Surveys, Volume 56, Issue 6 (June 2024), 963 pages
ISSN: 0360-0300; EISSN: 1557-7341
DOI: 10.1145/3613600

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 23 February 2024
• Online AM: 12 January 2024
• Accepted: 1 December 2023
• Revised: 19 October 2023
• Received: 13 September 2022
