Defense method, system and equipment for reinforcement learning backdoor attack

• Main Authors: HE YAN, WU SHAOSHI, CHEN HAO, ZHAI XIAOYU, CHEN SHIZHAO, XU LIXIA, DING YISHAN, HOU XINWEN, ZHONG JILONG, LIU YU, FAN BO
• Format: Patent
• Language: Chinese; English
• Published: 20.02.2024
• Subjects: CALCULATING; COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS; COMPUTING; COUNTING; ELECTRIC DIGITAL DATA PROCESSING; PHYSICS

The invention discloses a defense method, system and device for reinforcement learning backdoor attack, and relates to the technical field of artificial intelligence security, the method comprises the following steps: training an agent by using an offline reinforcement learning algorithm according to a reinforcement learning data set; in a safe environment, obtaining state transition information of interaction between the defense object and the environment; training a state-action error correction environment dynamic model by using the state transition information; detecting whether an attacker triggers a back door or not by utilizing the trained state-action error correction environment dynamic model; when the trigger backdoor exists, the defense object executes an action according to the predicted environment feedback state; and if the trigger backdoor does not exist, the defense object executes an action according to the environment feedback state at the current moment. According to the invention, backdoor