Guardado en:
Detalles Bibliográficos
Autores principales: Zhou, Xue, Man, Dapeng, Xu, Chen, Zeng, Fanyi, Liu, Tao, Wang, Huan, He, Shucheng, Gao, Chaoyang, Yang, Wu
Formato: Preprint
Publicado: 2025
Materias:
Acceso en línea:https://arxiv.org/abs/2506.11172
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866915340697468928
author Zhou, Xue
Man, Dapeng
Xu, Chen
Zeng, Fanyi
Liu, Tao
Wang, Huan
He, Shucheng
Gao, Chaoyang
Yang, Wu
author_facet Zhou, Xue
Man, Dapeng
Xu, Chen
Zeng, Fanyi
Liu, Tao
Wang, Huan
He, Shucheng
Gao, Chaoyang
Yang, Wu
contents Offline reinforcement learning (RL) heavily relies on the coverage of pre-collected data over the target policy's distribution. Existing studies aim to improve data-policy coverage to mitigate distributional shifts, but overlook security risks from insufficient coverage, and the single-step analysis is not consistent with the multi-step decision-making nature of offline RL. To address this, we introduce the sequence-level concentrability coefficient to quantify coverage, and reveal its exponential amplification on the upper bound of estimation errors through theoretical analysis. Building on this, we propose the Collapsing Sequence-Level Data-Policy Coverage (CSDPC) poisoning attack. Considering the continuous nature of offline RL data, we convert state-action pairs into decision units, and extract representative decision patterns that capture multi-step behavior. We identify rare patterns likely to cause insufficient coverage, and poison them to reduce coverage and exacerbate distributional shifts. Experiments show that poisoning just 1% of the dataset can degrade agent performance by 90%. This finding provides new perspectives for analyzing and safeguarding the security of offline RL.
format Preprint
id arxiv_https___arxiv_org_abs_2506_11172
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Collapsing Sequence-Level Data-Policy Coverage via Poisoning Attack in Offline Reinforcement Learning
Zhou, Xue
Man, Dapeng
Xu, Chen
Zeng, Fanyi
Liu, Tao
Wang, Huan
He, Shucheng
Gao, Chaoyang
Yang, Wu
Machine Learning
Artificial Intelligence
Offline reinforcement learning (RL) heavily relies on the coverage of pre-collected data over the target policy's distribution. Existing studies aim to improve data-policy coverage to mitigate distributional shifts, but overlook security risks from insufficient coverage, and the single-step analysis is not consistent with the multi-step decision-making nature of offline RL. To address this, we introduce the sequence-level concentrability coefficient to quantify coverage, and reveal its exponential amplification on the upper bound of estimation errors through theoretical analysis. Building on this, we propose the Collapsing Sequence-Level Data-Policy Coverage (CSDPC) poisoning attack. Considering the continuous nature of offline RL data, we convert state-action pairs into decision units, and extract representative decision patterns that capture multi-step behavior. We identify rare patterns likely to cause insufficient coverage, and poison them to reduce coverage and exacerbate distributional shifts. Experiments show that poisoning just 1% of the dataset can degrade agent performance by 90%. This finding provides new perspectives for analyzing and safeguarding the security of offline RL.
title Collapsing Sequence-Level Data-Policy Coverage via Poisoning Attack in Offline Reinforcement Learning
topic Machine Learning
Artificial Intelligence
url https://arxiv.org/abs/2506.11172