Reinforcement Learning (RL) has achieved a plenty of breakthroughs in the past decade. Notably, existing studies have shown that RL is suffered from poisoning attack, which results in failure or even catastrophe in decision processes. However, these studies almost focus on single-agent RL setting, the cooperative Multi-Agent Reinforcement Learning (c-MARL) setting is less explored, which is a generalization of the single-agent RL setting and has achieved great success in many areas. As a sub-field of RL setting, c-MARL also faces some security issues, e.g., poisoning attack.In this paper, we introduce two novel poisoning attack techniques, i.e., State Noise Poisoning Attack (SNPA) and Target Action Poisoning Attack (TAPA), to attack the c-MARL setting stealthily and efficiently, which achieves the goal that poisoning the c-MARL setting while only manipulate one agent. The first attack technique, termed SNPA, a black-box attack method, modifies the state observation data of one agent, which results in the c-MARL setting performance degradation. The second attack technique, termed TAPA, a white-box attack method, injects a backdoor and triggers the target action by manipulating the action and reward function of one agent. The extensive experiments are conducted in two popular c-MARL games, i.e., MCSPT and MCHT. The experiment results show that the presented novel poisoning attacks, SNPA and TAPA, are effective on c-MARL scenarios. Specifically, the total reward is reduced by 1/3 and the winning rate of team drops down to 0 under the two proposed attacks. Furthermore, the TAPA experiments verify that the victim agent executes the target action once the backdoor is triggered. It is worth noting that the trigger rate of target action rises up to 99.31% and 99.01% in two c-MARL games.
Read full abstract