Adversarial attacks on stochastic bandits

Kwang Sung Jun; Yuzhe Ma; Lihong Li; Xiaojin Zhu

Adversarial attacks on stochastic bandits

Kwang Sung Jun, Yuzhe Ma, Lihong Li, Xiaojin Zhu

Research output: Contribution to journal › Conference article › peer-review

Abstract

We study adversarial attacks that manipulate the reward signals to control the actions chosen by a stochastic multi-armed bandit algorithm. We propose the first attack against two popular bandit algorithms: -greedy and UCB, without knowledge of the mean rewards. The attacker is able to spend only logarithmic effort, multiplied by a problem-specific parameter that becomes smaller as the bandit problem gets easier to attack. The result means the attacker can easily hijack the behavior of the bandit algorithm to promote or obstruct certain actions, say, a particular medical treatment. As bandits are seeing increasingly wide use in practice, our study exposes a significant security threat.

Original language	English (US)
Pages (from-to)	3640-3649
Number of pages	10
Journal	Advances in Neural Information Processing Systems
Volume	2018-December
State	Published - 2018
Externally published	Yes
Event	32nd Conference on Neural Information Processing Systems, NeurIPS 2018 - Montreal, Canada Duration: Dec 2 2018 → Dec 8 2018

ASJC Scopus subject areas

Computer Networks and Communications
Information Systems
Signal Processing

Cite this

@article{add71b52732a40308b67908c1b7f4da9,

title = "Adversarial attacks on stochastic bandits",

abstract = "We study adversarial attacks that manipulate the reward signals to control the actions chosen by a stochastic multi-armed bandit algorithm. We propose the first attack against two popular bandit algorithms: -greedy and UCB, without knowledge of the mean rewards. The attacker is able to spend only logarithmic effort, multiplied by a problem-specific parameter that becomes smaller as the bandit problem gets easier to attack. The result means the attacker can easily hijack the behavior of the bandit algorithm to promote or obstruct certain actions, say, a particular medical treatment. As bandits are seeing increasingly wide use in practice, our study exposes a significant security threat.",

author = "Jun, {Kwang Sung} and Yuzhe Ma and Lihong Li and Xiaojin Zhu",

note = "Funding Information: This work is supported in part by NSF 1837132, 1545481, 1704117, 1623605, 1561512, and the MADLab AF Center of Excellence FA9550-18-1-0166. Publisher Copyright: {\textcopyright} 2018 Curran Associates Inc..All rights reserved.; 32nd Conference on Neural Information Processing Systems, NeurIPS 2018 ; Conference date: 02-12-2018 Through 08-12-2018",

year = "2018",

language = "English (US)",

volume = "2018-December",

pages = "3640--3649",

journal = "Advances in Neural Information Processing Systems",

issn = "1049-5258",

}

TY - JOUR

T1 - Adversarial attacks on stochastic bandits

AU - Jun, Kwang Sung

AU - Ma, Yuzhe

AU - Li, Lihong

AU - Zhu, Xiaojin

N1 - Funding Information: This work is supported in part by NSF 1837132, 1545481, 1704117, 1623605, 1561512, and the MADLab AF Center of Excellence FA9550-18-1-0166. Publisher Copyright: © 2018 Curran Associates Inc..All rights reserved.

PY - 2018

Y1 - 2018

N2 - We study adversarial attacks that manipulate the reward signals to control the actions chosen by a stochastic multi-armed bandit algorithm. We propose the first attack against two popular bandit algorithms: -greedy and UCB, without knowledge of the mean rewards. The attacker is able to spend only logarithmic effort, multiplied by a problem-specific parameter that becomes smaller as the bandit problem gets easier to attack. The result means the attacker can easily hijack the behavior of the bandit algorithm to promote or obstruct certain actions, say, a particular medical treatment. As bandits are seeing increasingly wide use in practice, our study exposes a significant security threat.

AB - We study adversarial attacks that manipulate the reward signals to control the actions chosen by a stochastic multi-armed bandit algorithm. We propose the first attack against two popular bandit algorithms: -greedy and UCB, without knowledge of the mean rewards. The attacker is able to spend only logarithmic effort, multiplied by a problem-specific parameter that becomes smaller as the bandit problem gets easier to attack. The result means the attacker can easily hijack the behavior of the bandit algorithm to promote or obstruct certain actions, say, a particular medical treatment. As bandits are seeing increasingly wide use in practice, our study exposes a significant security threat.

UR - http://www.scopus.com/inward/record.url?scp=85064820089&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85064820089&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:85064820089

SN - 1049-5258

VL - 2018-December

SP - 3640

EP - 3649

JO - Advances in Neural Information Processing Systems

JF - Advances in Neural Information Processing Systems

T2 - 32nd Conference on Neural Information Processing Systems, NeurIPS 2018

Y2 - 2 December 2018 through 8 December 2018

ER -

Adversarial attacks on stochastic bandits

Abstract

ASJC Scopus subject areas

Other files and links

Cite this