TY - GEN
T1 - On the Security of RL–Based Artificial Pancreas Systems
AU - Chang, Preston
AU - Krish, Veena
AU - Rahmati, Amir
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.
PY - 2026
Y1 - 2026
N2 - Reinforcement learning (RL) models have emerged as a promising alternative to traditional, model-based control methods for medical systems. Recently, deep RL techniques have been applied to autonomous glycemic control systems, commonly referred to as Artificial Pancreas (AP) systems, which operate through closed-loop communication between a glucose sensor and an insulin pump. This chapter is an updated summary of a paper originally presented at the ACM Cybersecurity in Healthcare (HealthSec) Workshop in October 2024 [7]. We examine the robustness of RL4BG, a prominent deep RL–based AP controller, against a range of glucose sensor malfunctions. We consider two realistic malfunction classes arising from natural errors or adversarial manipulation: (1) Denial-of-Service that captures worst-case sensor failures, and (2) Subtle manipulations that reflect stealthier, prolonged degradations. Our results demonstrate that this new generation of medical control systems is vulnerable to anomalous sensor inputs in safety-critical settings. These findings underscore the need for adversarially robust training methods when deploying RL-based medical controllers.
AB - Reinforcement learning (RL) models have emerged as a promising alternative to traditional, model-based control methods for medical systems. Recently, deep RL techniques have been applied to autonomous glycemic control systems, commonly referred to as Artificial Pancreas (AP) systems, which operate through closed-loop communication between a glucose sensor and an insulin pump. This chapter is an updated summary of a paper originally presented at the ACM Cybersecurity in Healthcare (HealthSec) Workshop in October 2024 [7]. We examine the robustness of RL4BG, a prominent deep RL–based AP controller, against a range of glucose sensor malfunctions. We consider two realistic malfunction classes arising from natural errors or adversarial manipulation: (1) Denial-of-Service that captures worst-case sensor failures, and (2) Subtle manipulations that reflect stealthier, prolonged degradations. Our results demonstrate that this new generation of medical control systems is vulnerable to anomalous sensor inputs in safety-critical settings. These findings underscore the need for adversarially robust training methods when deploying RL-based medical controllers.
KW - Adversarial Machine Learning
KW - Artificial Pancreas
KW - Reinforcement Learning-based Control Systems
UR - https://www.scopus.com/pages/publications/105027933484
U2 - 10.1007/978-3-032-13800-2_10
DO - 10.1007/978-3-032-13800-2_10
M3 - Conference contribution
AN - SCOPUS:105027933484
SN - 9783032137999
T3 - Communications in Computer and Information Science
SP - 217
EP - 231
BT - Cybersecurity in Healthcare - First Annual HealthSec 2024, Proceedings
A2 - Yurcik, William
PB - Springer Science and Business Media Deutschland GmbH
T2 - Workshop on Cybersecurity in Healthcare, HealthSec 2024
Y2 - 14 October 2024 through 14 October 2024
ER -