Understanding adversarial attacks on observations in deep reinforcement learning

Cited by: 0
Authors
You, Qiaoben [1]
Ying, Chengyang [1]
Zhou, Xinning [1]
Su, Hang [1, 2]
Zhu, Jun [1, 2]
Zhang, Bo [1]
Affiliations
[1] Tsinghua Univ, Beijing Natl Res Ctr Informat Sci & Technol, Tsinghua Bosch Joint Ctr Machine Learning, Inst Artificial Intelligence,Dept Comp Sci & Techn, Beijing 100084, Peoples R China
[2] Peng Cheng Lab, Shenzhen 518055, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
deep learning; reinforcement learning; adversarial robustness; adversarial attack; GO;
DOI
10.1007/s11432-021-3688-y
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Deep reinforcement learning models are vulnerable to adversarial attacks that can decrease the cumulative expected reward of a victim by manipulating its observations. Despite the efficiency of previous optimization-based methods for generating adversarial noise in supervised learning, such methods might not achieve the lowest cumulative reward since they do not generally explore the environmental dynamics. Herein, a framework is provided to better understand the existing methods by reformulating the problem of adversarial attacks on reinforcement learning in the function space. The reformulation approach adopted herein generates an optimal adversary in the function space of targeted attacks, repelling them via a generic two-stage framework. In the first stage, a deceptive policy is trained by hacking the environment and discovering a set of trajectories routing to the lowest reward or the worst-case performance. Next, the adversary misleads the victim to imitate the deceptive policy by perturbing the observations. Compared to existing approaches, it is theoretically shown that our adversary is strong under an appropriate noise level. Extensive experiments demonstrate the superiority of the proposed method in terms of efficiency and effectiveness, achieving state-of-the-art performance in both Atari and MuJoCo environments.
Pages: 15
Related papers
50 in total
  • [1] Understanding adversarial attacks on observations in deep reinforcement learning
    You QIAOBEN
    Chengyang YING
    Xinning ZHOU
    Hang SU
    Jun ZHU
    Bo ZHANG
    [J]. Science China(Information Sciences), 2024, 67 (05) : 69 - 83
  • [2] Challenges and Countermeasures for Adversarial Attacks on Deep Reinforcement Learning
    Ilahi I.
    Usama M.
    Qadir J.
    Janjua M.U.
    Al-Fuqaha A.
    Hoang D.T.
    Niyato D.
    [J]. IEEE Transactions on Artificial Intelligence, 2022, 3 (02): 90 - 109
  • [3] A Survey on Adversarial Attacks and Defenses for Deep Reinforcement Learning
    Liu A.-S.
    Guo J.
    Li S.-M.
    Xiao Y.-S.
    Liu X.-L.
    Tao D.-C.
    [J]. Jisuanji Xuebao/Chinese Journal of Computers, 2023, 46 (08): 1553 - 1576
  • [4] Adversarial Attacks in a Deep Reinforcement Learning based Cluster Scheduler
    Zhang, Shaojun
    Wang, Chen
    Zomaya, Albert Y.
    [J]. 2020 IEEE 28TH INTERNATIONAL SYMPOSIUM ON MODELING, ANALYSIS, AND SIMULATION OF COMPUTER AND TELECOMMUNICATION SYSTEMS (MASCOTS 2020), 2020, : 1 - 8
  • [5] XSS adversarial example attacks based on deep reinforcement learning
    Chen, Li
    Tang, Cong
    He, Junjiang
    Zhao, Hui
    Lan, Xiaolong
    Li, Tao
    [J]. COMPUTERS & SECURITY, 2022, 120
  • [6] Stealthy and Efficient Adversarial Attacks against Deep Reinforcement Learning
    Sun, Jianwen
    Zhang, Tianwei
    Xie, Xiaofei
    Ma, Lei
    Zheng, Yan
    Chen, Kangjie
    Liu, Yang
    [J]. THIRTY-FOURTH AAAI CONFERENCE ON ARTIFICIAL INTELLIGENCE, THE THIRTY-SECOND INNOVATIVE APPLICATIONS OF ARTIFICIAL INTELLIGENCE CONFERENCE AND THE TENTH AAAI SYMPOSIUM ON EDUCATIONAL ADVANCES IN ARTIFICIAL INTELLIGENCE, 2020, 34 : 5883 - 5891
  • [7] Critical State Detection for Adversarial Attacks in Deep Reinforcement Learning
    Kumar, Praveen R.
    Kumar, Niranjan, I
    Sivasankaran, Sujith
    Vamsi, Mohan A.
    Vijayaraghavan, Vineeth
    [J]. 20TH IEEE INTERNATIONAL CONFERENCE ON MACHINE LEARNING AND APPLICATIONS (ICMLA 2021), 2021, : 1761 - 1766
  • [8] Deep Reinforcement Adversarial Learning Against Botnet Evasion Attacks
    Apruzzese, Giovanni
    Andreolini, Mauro
    Marchetti, Mirco
    Venturi, Andrea
    Colajanni, Michele
    [J]. IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 2020, 17 (04): 1975 - 1987
  • [9] Robust Deep Reinforcement Learning with Adversarial Attacks Extended Abstract
    Pattanaik, Anay
    Tang, Zhenyi
    Liu, Shuijing
    Bommannan, Gautham
    Chowdhary, Girish
    [J]. PROCEEDINGS OF THE 17TH INTERNATIONAL CONFERENCE ON AUTONOMOUS AGENTS AND MULTIAGENT SYSTEMS (AAMAS' 18), 2018, : 2040 - 2042
  • [10] ACADIA: Efficient and Robust Adversarial Attacks Against Deep Reinforcement Learning
    Ali, Haider
    Al Ameedi, Mohannad
    Swami, Ananthram
    Ning, Rui
    Li, Jiang
    Wu, Hongyi
    Cho, Jin-Hee
    [J]. 2022 IEEE CONFERENCE ON COMMUNICATIONS AND NETWORK SECURITY (CNS), 2022, : 1 - 9