Saved in:
Bibliographic Details
Main Authors: Zhuang, Zhixiong, Nicolae, Maria-Irina, Fritz, Mario
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2405.07004
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917664107003904
author Zhuang, Zhixiong
Nicolae, Maria-Irina
Fritz, Mario
author_facet Zhuang, Zhixiong
Nicolae, Maria-Irina
Fritz, Mario
contents Deep reinforcement learning policies, which are integral to modern control systems, represent valuable intellectual property. The development of these policies demands considerable resources, such as domain expertise, simulation fidelity, and real-world validation. These policies are potentially vulnerable to model stealing attacks, which aim to replicate their functionality using only black-box access. In this paper, we propose Stealthy Imitation, the first attack designed to steal policies without access to the environment or knowledge of the input range. This setup has not been considered by previous model stealing methods. Lacking access to the victim's input states distribution, Stealthy Imitation fits a reward model that allows to approximate it. We show that the victim policy is harder to imitate when the distribution of the attack queries matches that of the victim. We evaluate our approach across diverse, high-dimensional control tasks and consistently outperform prior data-free approaches adapted for policy stealing. Lastly, we propose a countermeasure that significantly diminishes the effectiveness of the attack.
format Preprint
id arxiv_https___arxiv_org_abs_2405_07004
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Stealthy Imitation: Reward-guided Environment-free Policy Stealing
Zhuang, Zhixiong
Nicolae, Maria-Irina
Fritz, Mario
Cryptography and Security
Machine Learning
Deep reinforcement learning policies, which are integral to modern control systems, represent valuable intellectual property. The development of these policies demands considerable resources, such as domain expertise, simulation fidelity, and real-world validation. These policies are potentially vulnerable to model stealing attacks, which aim to replicate their functionality using only black-box access. In this paper, we propose Stealthy Imitation, the first attack designed to steal policies without access to the environment or knowledge of the input range. This setup has not been considered by previous model stealing methods. Lacking access to the victim's input states distribution, Stealthy Imitation fits a reward model that allows to approximate it. We show that the victim policy is harder to imitate when the distribution of the attack queries matches that of the victim. We evaluate our approach across diverse, high-dimensional control tasks and consistently outperform prior data-free approaches adapted for policy stealing. Lastly, we propose a countermeasure that significantly diminishes the effectiveness of the attack.
title Stealthy Imitation: Reward-guided Environment-free Policy Stealing
topic Cryptography and Security
Machine Learning
url https://arxiv.org/abs/2405.07004