Adversarial Reinforcement Learning under Partial Observability in Software-Defined Networking

Add code
Feb 25, 2019
Yi Han, David Hubczenko, Paul Montague, Olivier De Vel, Tamas Abraham, Benjamin I. P. Rubinstein, Christopher Leckie, Tansu Alpcan, Sarah Erfani
Figure 1 for Adversarial Reinforcement Learning under Partial Observability in Software-Defined Networking
Figure 2 for Adversarial Reinforcement Learning under Partial Observability in Software-Defined Networking
Figure 3 for Adversarial Reinforcement Learning under Partial Observability in Software-Defined Networking
Figure 4 for Adversarial Reinforcement Learning under Partial Observability in Software-Defined Networking

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Recent studies have demonstrated that reinforcement learning (RL) agents are susceptible to adversarial manipulation, similar to vulnerabilities previously demonstrated in the supervised setting. Accordingly focus has remained with computer vision, and full observability. This paper focuses on reinforcement learning in the context of autonomous defence in Software-Defined Networking (SDN). We demonstrate that causative attacks---attacks that target the training process---can poison RL agents even if the attacker only has partial observability of the environment. In addition, we propose an inversion defence method that aims to apply the opposite perturbation to that which an attacker might use to generate their adversarial samples. Our experimental results illustrate that the countermeasure can effectively reduce the impact of the causative attack, while not significantly affecting the training process in non-attack scenarios.

* 8 pages, 4 figures  
View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon