UC San Diego

In this thesis, we study the the detection of man-in-the-middle (MITM) attacks in model-free reinforcement learning. We consider the problem of a learning-based, where the system may be subjectto an adversarial attack that hijacks the feedback signal and the controller actions. The adversary first learns the dynamics of the system in a learning phase before hijacking the system in a attack phase. We then propose simple attack detection algorithms to detect such MITM attacks without for two different system models. Firstly, when the system can be modelled as a Markov decision process. Secondly, when it can modelled as a discrete linear time invariant (LTI) system with stochastic distrubances. We also show that a necessary and sufficient “informational advantage” condition must be met for both systems to guarantee the detection of attacks with high probability, while also avoiding false alarms.