Probabilistic model checking is a useful technique for specifying and verifying properties of stochastic systems, including randomized protocols and reinforcement learning models. Existing methods rely on the assumed structure and probabilities of certain system transitions. These assumptions may be incorrect, and may even be violated by an adversary who gains control of system components. In this paper, we develop a formal framework for adversarial robustness in systems modeled as discrete-time Markov chains (DTMCs). We base our framework on existing methods for verifying probabilistic temporal logic properties and extend it to include deterministic, memoryless policies acting in Markov decision processes (MDPs). Our framework includes a flexible approach for specifying structure-preserving and non-structure-preserving adversarial models. We outline a class of threat models under which adversaries can perturb system transitions, constrained by an $\varepsilon$-ball around the original transition probabilities. We define three main DTMC adversarial robustness problems: adversarial robustness verification, maximal $\delta$ synthesis, and worst-case attack synthesis. We present two optimization-based solutions to these three problems, leveraging traditional and parametric probabilistic model checking techniques. We then evaluate our solutions on two stochastic protocols and a collection of Grid World case studies, which model an agent acting in an environment described as an MDP. We find that the parametric solution results in fast computation for small parameter spaces. In the case of less restrictive (stronger) adversaries, the number of parameters increases, and directly computing property satisfaction probabilities is more scalable. We demonstrate the usefulness of our definitions and solutions by comparing system outcomes over various properties, threat models, and case studies.
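The following sketch is an added illustration, not code from the paper: it checks robustness of a reachability property on a small constructed DTMC against a structure-preserving adversary who may move each probability in the attacked rows by at most $\varepsilon$. It uses interval-style value iteration rather than either of the paper's optimization-based solutions. The chain, the `FAIL` state, the function names, and the reading of $\delta$ as a bound on the change in satisfaction probability are all assumptions.

```python
# Constructed 4-state DTMC (not from the paper): 0=start, 1=retry, 2=goal, 3=fail.
P = {
    0: {1: 0.5, 2: 0.4, 3: 0.1},
    1: {0: 0.6, 2: 0.3, 3: 0.1},
    2: {2: 1.0},
    3: {3: 1.0},
}
FAIL = 3

def worst_row(row, v, eps):
    """Row within the L-infinity eps-ball of `row` (same successors, sums to 1)
    that maximizes the expected value of v. Assumes eps is below the smallest
    probability in the row, so no transition is removed."""
    lo = {t: max(0.0, p - eps) for t, p in row.items()}
    hi = {t: min(1.0, p + eps) for t, p in row.items()}
    q, budget = dict(lo), 1.0 - sum(lo.values())
    # Give the spare mass to the successors most likely to lead to FAIL.
    for t in sorted(row, key=lambda t: v[t], reverse=True):
        add = min(hi[t] - lo[t], budget)
        q[t] += add
        budget -= add
    return q

def worst_case(P, eps, attacked, sweeps=500):
    """Value iteration for the maximal Pr(eventually FAIL) when the rows of
    `attacked` states may be perturbed. Returns (values, perturbed rows)."""
    v = {s: float(s == FAIL) for s in P}
    rows = dict(P)
    for _ in range(sweeps):
        rows = {s: worst_row(r, v, eps) if s in attacked else r
                for s, r in P.items()}
        v = {s: 1.0 if s == FAIL else sum(p * v[t] for t, p in rows[s].items())
             for s in P}
    return v, rows

def is_robust(P, eps, attacked, delta, init=0):
    """True if no admissible perturbation raises Pr(fail) from `init` by more than delta."""
    nominal, _ = worst_case(P, 0.0, ())
    worst, _ = worst_case(P, eps, attacked)
    return worst[init] - nominal[init] <= delta

if __name__ == "__main__":
    v, rows = worst_case(P, 0.05, {0, 1})
    print("worst-case Pr(fail) from start:", round(v[0], 4))
    print("attack rows:", rows[0], rows[1])
    print("robust for delta=0.1:", is_robust(P, 0.05, {0, 1}, 0.1))
```

With $\varepsilon = 0.05$ and $\delta = 0.1$, this chain is robust when only state 0 can be perturbed and not robust when states 0 and 1 both can, which shows how the verdict depends on the threat model.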