Bandit algorithm has become a reference solution for sequential decision-making problems and has been applied in many real-world scenarios such as recommender systems, display advertisements, and clinical trials. Recent works showed that multi-armed (non-contextual) bandits are vulnerable to data poisoning attack: by manipulating a small amount of rewards, an adversary could control the behavior of the bandit algorithm. However, little is known about the vulnerability of contextual bandits. In this talk, I will first answer the question "When are linear stochastic bandits attackable?". I will introduce the complete necessity and sufficiency characterization of attackability of linear stochastic bandits, which is based on the geometry of the arms' context vectors. A practical two-stage attack method is then proposed following the condition. Finally, I will talk about our new result on defending against poisoning attack inspired by the condition.
Huazheng Wang is an assistant professor in School of Electrical Engineering and Computer Science at Oregon State University. He was a postdoctoral research associate at Princeton University from 2021 to 2022. He received his PhD in Computer Science from University of Virginia in 2021, and his B.E. from University of Science and Technology of China in 2015. His research interests include machine learning, reinforcement learning and information retrieval. His recent focus is developing efficient and robust reinforcement learning and multi-armed bandit algorithms with applications to online recommendation and ranking systems. He is a recipient of SIGIR 2019 Best Paper Award.