Due to the broad range of applications of multi-agent reinforcement learning (MARL), understanding the effects of adversarial attacks against MARL model is essential for the safe applications of this model. Motivated by this, we investigate the impact of adversarial attacks on MARL. In the considered setup, there is an exogenous attacker who is able to modify the rewards before the agents receive them or manipulate the actions before the environment receives them. The attacker aims to guide each agent into a target policy or maximize the cumulative rewards under some specific reward function chosen by the attacker, while minimizing the amount of manipulation on feedback and action. We first show the limitations of the action poisoning only attacks and the reward poisoning only attacks. We then introduce a mixed attack strategy with both the action poisoning and the reward poisoning. We show that the mixed attack strategy can efficiently attack MARL agents even if the attacker has no prior information about the underlying environment and the agents' algorithms.

翻译：由于多智能体强化学习（MARL）在众多领域的广泛应用，理解对抗攻击对MARL模型的影响对于该模型的安全应用至关重要。受此启发，我们研究了对抗攻击对MARL的影响。在所考虑的设定中，存在一个外部攻击者，其能够在智能体收到奖励之前修改奖励，或在环境收到动作之前操纵动作。攻击者的目标是引导每个智能体遵循目标策略，或根据攻击者选择的特定奖励函数最大化累积奖励，同时最小化对反馈和动作的操纵量。我们首先展示了仅使用动作投毒攻击和仅使用奖励投毒攻击的局限性。随后，我们引入了一种结合动作投毒与奖励投毒的混合攻击策略。我们证明，即使攻击者对底层环境和智能体算法缺乏先验信息，该混合攻击策略也能高效地攻击MARL智能体。