Saving Stochastic Bandits from Poisoning Attacks via Limited Data Verification

This paper studies bandit algorithms under data poisoning attacks in a bounded reward setting. We consider strong attacker model which the can observe both selected actions and their corresponding rewards, contaminate rewards with additive noise. show that any algorithm regret O(log T) be forced to suffer O(T) an expected amount of contamination T). is also necessary, as we prove there exists algorithm, specifically classical UCB, requires Omega(log Omega(T). To combat such attacks, our second main contribution propose verification based mechanisms, use limited access number uncontaminated rewards. In particular, for case unlimited verifications, simple modified version Explore-then-Commit type restore order optimal irrespective used by attacker. provide UCB-like scheme, called Secure-UCB, enjoys full recovery from verifications. derive matching lower bound on order-optimal this verifications necessary recover regret. On other hand, when above budget B, novel Secure-BARBAR, provably achieves O(min(C,T/sqrt(B))) high probability against weak attackers (i.e., who have place before seeing actual pulls algorithm), where C total attacker, breaks known Omega(C) non-verified setting if large.