English

Data Poisoning Attacks in Contextual Bandits

Machine Learning 2018-08-27 v2 Cryptography and Security Machine Learning

Abstract

We study offline data poisoning attacks in contextual bandits, a class of reinforcement learning problems with important applications in online recommendation and adaptive medical treatment, among others. We provide a general attack framework based on convex optimization and show that by slightly manipulating rewards in the data, an attacker can force the bandit algorithm to pull a target arm for a target contextual vector. The target arm and target contextual vector are both chosen by the attacker. That is, the attacker can hijack the behavior of a contextual bandit. We also investigate the feasibility and the side effects of such attacks, and identify future directions for defense. Experiments on both synthetic and real-world data demonstrate the efficiency of the attack algorithm.

Keywords

Cite

@article{arxiv.1808.05760,
  title  = {Data Poisoning Attacks in Contextual Bandits},
  author = {Yuzhe Ma and Kwang-Sung Jun and Lihong Li and Xiaojin Zhu},
  journal= {arXiv preprint arXiv:1808.05760},
  year   = {2018}
}

Comments

GameSec 2018

R2 v1 2026-06-23T03:36:32.339Z