Search Results for author:
Found 53 papers, 10 papers with code
Optimal Attack and Defense for Reinforcement Learning
Although the defense problem is NP-hard, we show that optimal Markovian defenses can be computed (learned) in polynomial time (sample complexity) in many scenarios.
Optimally Teaching a Linear Behavior Cloning Agent
The goal of the teacher is to teach a realizable target policy to the learner using minimum number of state demonstrations.
Learning interactions to boost human creativity with bandits and GPT-4
This paper considers how interactions with AI algorithms can boost human creative thought.
Anytime-Constrained Reinforcement Learning
Our reduction yields planning and learning algorithms that are time and sample-efficient for tabular cMDPs so long as the precision of the costs is logarithmic in the size of the cMDP.
Minimally Modifying a Markov Game to Achieve Any Nash Equilibrium and Value
We study the game modification problem, where a benevolent game designer or a malevolent adversary modifies the reward function of a zero-sum Markov game so that a target deterministic or stochastic policy profile becomes the unique Markov perfect Nash equilibrium and has a value within a target range, in a way that minimizes the modification cost.
Dream the Impossible: Outlier Imagination with Diffusion Models
Utilizing auxiliary outlier datasets to regularize the machine learning model has demonstrated promise for out-of-distribution (OOD) detection and safe prediction.
VISER: A Tractable Solution Concept for Games with Information Asymmetry
Many real-world games suffer from information asymmetry: one player is only aware of their own payoffs while the other player has the full game information.
On Faking a Nash Equilibrium
We characterize offline data poisoning attacks on Multi-Agent Reinforcement Learning (MARL), where an attacker may change a data set in an attempt to install a (potentially fictitious) unique Markov-perfect Nash equilibrium.
Non-Parametric Outlier Synthesis
Importantly, our proposed synthesis approach does not make any distributional assumption on the ID embeddings, thereby offering strong flexibility and generality.
Provable Defense against Backdoor Policies in Reinforcement Learning
Instead, our defense mechanism sanitizes the backdoor policy by projecting observed states to a 'safe subspace', estimated from a small number of interactions with a clean (non-triggered) environment.
Reward Poisoning Attacks on Offline Multi-Agent Reinforcement Learning
In offline multi-agent reinforcement learning (MARL), agents estimate policies from a given dataset.
Multi-agent Reinforcement Learning
reinforcement-learning
+1
Byzantine-Robust Online and Offline Distributed Reinforcement Learning
We consider a distributed reinforcement learning setting where multiple agents separately explore the environment and communicate their experiences through a central server.
Out-of-Distribution Detection with Deep Nearest Neighbors
In this paper, we explore the efficacy of non-parametric nearest-neighbor distance for OOD detection, which has been largely overlooked in the literature.
Game Redesign in No-regret Game Playing
We study the game redesign problem in which an external designer has the ability to change the payoff function in each round, but incurs a design cost for deviating from the original game.
Reward Poisoning in Reinforcement Learning: Attacks Against Unknown Learners in Unknown Environments
We study black-box reward poisoning attacks against reinforcement learning (RL), in which an adversary aims to manipulate the rewards to mislead a sequence of RL agents with unknown algorithms to learn a nefarious policy in an environment unknown to the adversary a priori.
Robust Policy Gradient against Strong Data Corruption
Our first result shows that no algorithm can find a better than $O(\epsilon)$-optimal policy under our attack model.
Sequential Attacks on Kalman Filter-based Forward Collision Warning Systems
In this paper, we study adversarial attacks on KF as part of the more complex machine-human hybrid system of Forward Collision Warning.
Policy Teaching in Reinforcement Learning via Environment Poisoning Attacks
We provide lower/upper bounds on the attack cost, and instantiate our attacks in two settings: (i) an offline setting where the agent is doing planning in the poisoned environment, and (ii) an online setting where the agent is learning a policy with poisoned feedback.
Preference-Based Batch and Sequential Teaching
We analyze several properties of the teaching complexity parameter $TD(\sigma)$ associated with different families of the preference functions, e. g., comparison to the VC dimension of the hypothesis class and additivity/sub-additivity of $TD(\sigma)$ over disjoint domains.
Using Machine Teaching to Investigate Human Assumptions when Teaching Reinforcement Learners
To solve the machine teaching optimization problem, we use a deep learning approximation method which simulates learners in the environment and learns to predict how feedback affects the learner's internal states.
Learning to Read through Machine Teaching
This is a hard combinatorial optimization problem even for a modest number of learning trials (e. g., 10K).
Provable Training Set Debugging for Linear Regression
We first formulate a general statistical algorithm for identifying buggy points and provide rigorous theoretical guarantees under the assumption that the data follow a linear model.
The Sample Complexity of Teaching-by-Reinforcement on Q-Learning
Our TDim results provide the minimum number of samples needed for reinforcement learning, and we discuss their connections to standard PAC-style RL sample complexity and teaching-by-demonstration sample complexity results.
Online Data Poisoning Attacks
We study data poisoning attacks in the online learning setting, where training data arrive sequentially, and the attacker is eavesdropping the data stream and has the ability to contaminate the current data point to affect the online learning process.
Policy Teaching via Environment Poisoning: Training-time Adversarial Attacks against Reinforcement Learning
We study a security threat to reinforcement learning where an attacker poisons the learning environment to force the agent into executing a target policy chosen by the attacker.
Adaptive Reward-Poisoning Attacks against Reinforcement Learning
In reward-poisoning attacks against reinforcement learning (RL), an attacker can perturb the environment reward $r_t$ into $r_t+\delta_t$ at each step, with the goal of forcing the RL agent to learn a nefarious policy.
A Unified Framework for Data Poisoning Attack to Graph-based Semi-supervised Learning
In this paper, we proposed a general framework for data poisoning attacks to graph-based semi-supervised learning (G-SSL).
Preference-Based Batch and Sequential Teaching: Towards a Unified View of Models
In our framework, each function $\sigma \in \Sigma$ induces a teacher-learner pair with teaching complexity as $\TD(\sigma)$.
Error Lower Bounds of Constant Step-size Stochastic Gradient Descent
To our knowledge, this is the first analysis for SGD error lower bound without the strong convexity assumption.
Policy Poisoning in Batch Reinforcement Learning and Control
We study a security threat to batch reinforcement learning and control where the attacker aims to poison the learned policy.
Can We Distinguish Machine Learning from Human Learning?
Specifically, we suggest a large and extensible class of learning tasks, formulated as learning under rules.
Should Adversarial Attacks Use Pixel p-Norm?
Adversarial attacks aim to confound machine learning systems, while remaining virtually imperceptible to humans.
Fooling Computer Vision into Inferring the Wrong Body Mass Index
Recently it's been shown that neural networks can use images of human faces to accurately predict Body Mass Index (BMI), a widely used health indicator.
Data Poisoning against Differentially-Private Learners: Attacks and Defenses
Data poisoning attacks aim to manipulate the model produced by a learning algorithm by adversarially modifying the training set.
Online Data Poisoning Attack
We study data poisoning attacks in the online setting where training items arrive sequentially, and the attacker may perturb the current item to manipulate online learning.
Optimal Attack against Autoregressive Models by Manipulating the Environment
In the white-box setting where the attacker knows the environment and forecast models, we present the optimal attack using LQR for linear models, and Model Predictive Control (MPC) for nonlinear models.
An Optimal Control View of Adversarial Machine Learning
I describe an optimal control view of adversarial machine learning, where the dynamical system is the machine learner, the input are adversarial actions, and the control costs are defined by the adversary's goals to do harm and be hard to detect.
Adversarial Attacks on Stochastic Bandits
We study adversarial attacks that manipulate the reward signals to control the actions chosen by a stochastic multi-armed bandit algorithm.
An Optimal Control Approach to Sequential Machine Teaching
Our key insight is to formulate sequential machine teaching as a time-optimal control problem.
Data Poisoning Attacks in Contextual Bandits
We provide a general attack framework based on convex optimization and show that by slightly manipulating rewards in the data, an attacker can force the bandit algorithm to pull a target arm for a target contextual vector.
Program Synthesis from Visual Specification
Program synthesis is the process of automatically translating a specification into computer code.
Teacher Improves Learning by Selecting a Training Subset
We call a learner super-teachable if a teacher can trim down an iid training set while making the learner learn even better.
Training Set Debugging Using Trusted Items
The set of trusted items may not by itself be adequate for learning, so we propose an algorithm that uses these items to identify bugs in the training set and thus im- proves learning.
An Overview of Machine Teaching
In this paper we try to organize machine teaching as a coherent set of ideas.
Are Key-Foreign Key Joins Safe to Avoid when Learning High-Capacity Classifiers?
Our results show that these high-capacity classifiers are surprisingly and counter-intuitively more robust to avoiding KFK joins compared to linear classifiers, refuting an intuition from the prior work's analysis.
Analysis of a Design Pattern for Teaching with Features and Labels
We analyze the potential risks and benefits of this teaching pattern through the use of teaching protocols, illustrative examples, and by providing bounds on the effort required for an optimal machine teacher using a linear learning algorithm, the most commonly used type of learners in interactive machine learning systems.
The Teaching Dimension of Linear Learners
Teaching dimension is a learning theoretic quantity that specifies the minimum training set size to teach a target model to a learner.
S2: An Efficient Graph Based Active Learning Algorithm with Application to Nonparametric Classification
This paper investigates the problem of active learning for binary label prediction on a graph.
Using Machine Teaching to Identify Optimal Training-Set Attacks on Machine Learners
We investigate a problem at the intersection of machine learning and security: training-set attacks on machine learners.
Machine Teaching for Bayesian Learners in the Exponential Family
What if there is a teacher who knows the learning goal and wants to design good training data for a machine learner?
