A unified framework for certifying robustness of offline RL against poisoning attacks

The goal of COPA is to systematically certify the robustness of different offline RL algorithms based on certification criteria including per-state action stability and the lower bound of cumulative reward. Specifically, we propose new partition and aggregation protocols (PARL, TPARL, DPARL) to obtain robust policies and provide certification methods for them.

In COPA-leaderboard, we present the certification results in three RL environments under two certification criteria. Notably, we offer direct comparisons from multiple aspects to enable a better understanding of the different aggregation protocols and of the offline RL algorithms used for the subpolicies.

The related paper can be found here.

Available Leaderboards