Go to UAI 2025 Conference homepageCollapsing Sequence-Level Data-Policy Coverage via Poisoning Attack in Offline Reinforcement Learning
Keywords: Offline Reinforcement Learning, Data Poisoning, Data-Policy Coverage, Sequence
TL;DR: This work investigates the impact of sequence-level data-policy coverage on offline RL through poisoning attacks, revealing by offline RL data challenges and the need for improved algorithm robustness and generalization.
Abstract: Offline reinforcement learning (RL) heavily relies on the coverage of pre-collected data over the target policy's distribution. Existing studies aim to improve data-policy coverage to mitigate distributional shifts, but overlook security risks from insufficient coverage, and the single-step analysis is not consistent with the multi-step decision-making nature of offline RL. To address this, we introduce the sequence-level concentrability coefficient to quantify coverage, and reveal its exponential amplification on the upper bound of estimation errors through theoretical analysis. Building on this, we propose the Collapsing Sequence-Level Data-Policy Coverage (CSDPC) poisoning attack. Considering the continuous nature of offline RL data, we convert state-action pairs into decision units, and extract representative decision patterns that capture multi-step behavior. We identify rare patterns likely to cause insufficient coverage, and poison them to reduce coverage and exacerbate distributional shifts. Experiments show that poisoning just 1% of the dataset can degrade agent performance by 90%.
This finding provides new perspectives for analyzing and safeguarding the security of offline RL.
Supplementary Material: zip
Latex Source Code: zip
Signed PMLR Licence Agreement: pdf
Readers: auai.org/UAI/2025/Conference, auai.org/UAI/2025/Conference/Area_Chairs, auai.org/UAI/2025/Conference/Reviewers, auai.org/UAI/2025/Conference/Submission619/Authors, auai.org/UAI/2025/Conference/Submission619/Reproducibility_Reviewers
Submission Number: 619
Loading