Stealthy and efficient adversarial attacks against deep reinforcement learning
Adversarial attacks against conventional Deep Learning (DL) systems and algorithms have been widely studied, and various defenses were proposed. However, the possibility and feasibility of such attacks against Deep Reinforcement Learning (DRL) are less explored. As DRL has achieved great success in...
Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2020
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7116 https://ink.library.smu.edu.sg/context/sis_research/article/8119/viewcontent/6047_Article_Text_9272_1_10_20200513.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-8119 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-81192022-04-14T11:40:51Z Stealthy and efficient adversarial attacks against deep reinforcement learning SUN, Jianwen ZHANG, Tianwei XIE, Xiaofei MA, Lei ZHENG, Yan CHEN, Kangjie LIU, Yang Adversarial attacks against conventional Deep Learning (DL) systems and algorithms have been widely studied, and various defenses were proposed. However, the possibility and feasibility of such attacks against Deep Reinforcement Learning (DRL) are less explored. As DRL has achieved great success in various complex tasks, designing effective adversarial attacks is an indispensable prerequisite towards building robust DRL algorithms. In this paper, we introduce two novel adversarial attack techniques to stealthily and efficiently attack the DRL agents. These two techniques enable an adversary to inject adversarial samples in a minimal set of critical moments while causing the most severe damage to the agent. The first technique is the critical point attack: the adversary builds a model to predict the future environmental states and agent’s actions, assesses the damage of each possible attack strategy, and selects the optimal one. The second technique is the antagonist attack: the adversary automatically learns a domainagnostic model to discover the critical moments of attacking the agent in an episode. Experimental results demonstrate the effectiveness of our techniques. Specifically, to successfully attack the DRL agent, our critical point technique only requires 1 (TORCS) or 2 (Atari Pong and Breakout) steps, and the antagonist technique needs fewer than 5 steps (4 Mujoco tasks), which are significant improvements over state-of-theart methods. 2020-02-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7116 https://ink.library.smu.edu.sg/context/sis_research/article/8119/viewcontent/6047_Article_Text_9272_1_10_20200513.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Software Engineering |
| spellingShingle |
Software Engineering SUN, Jianwen ZHANG, Tianwei XIE, Xiaofei MA, Lei ZHENG, Yan CHEN, Kangjie LIU, Yang Stealthy and efficient adversarial attacks against deep reinforcement learning |
| description |
Adversarial attacks against conventional Deep Learning (DL) systems and algorithms have been widely studied, and various defenses were proposed. However, the possibility and feasibility of such attacks against Deep Reinforcement Learning (DRL) are less explored. As DRL has achieved great success in various complex tasks, designing effective adversarial attacks is an indispensable prerequisite towards building robust DRL algorithms. In this paper, we introduce two novel adversarial attack techniques to stealthily and efficiently attack the DRL agents. These two techniques enable an adversary to inject adversarial samples in a minimal set of critical moments while causing the most severe damage to the agent. The first technique is the critical point attack: the adversary builds a model to predict the future environmental states and agent’s actions, assesses the damage of each possible attack strategy, and selects the optimal one. The second technique is the antagonist attack: the adversary automatically learns a domainagnostic model to discover the critical moments of attacking the agent in an episode. Experimental results demonstrate the effectiveness of our techniques. Specifically, to successfully attack the DRL agent, our critical point technique only requires 1 (TORCS) or 2 (Atari Pong and Breakout) steps, and the antagonist technique needs fewer than 5 steps (4 Mujoco tasks), which are significant improvements over state-of-theart methods. |
| format |
text |
| author |
SUN, Jianwen ZHANG, Tianwei XIE, Xiaofei MA, Lei ZHENG, Yan CHEN, Kangjie LIU, Yang |
| author_facet |
SUN, Jianwen ZHANG, Tianwei XIE, Xiaofei MA, Lei ZHENG, Yan CHEN, Kangjie LIU, Yang |
| author_sort |
SUN, Jianwen |
| title |
Stealthy and efficient adversarial attacks against deep reinforcement learning |
| title_short |
Stealthy and efficient adversarial attacks against deep reinforcement learning |
| title_full |
Stealthy and efficient adversarial attacks against deep reinforcement learning |
| title_fullStr |
Stealthy and efficient adversarial attacks against deep reinforcement learning |
| title_full_unstemmed |
Stealthy and efficient adversarial attacks against deep reinforcement learning |
| title_sort |
stealthy and efficient adversarial attacks against deep reinforcement learning |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2020 |
| url |
https://ink.library.smu.edu.sg/sis_research/7116 https://ink.library.smu.edu.sg/context/sis_research/article/8119/viewcontent/6047_Article_Text_9272_1_10_20200513.pdf |
| _version_ |
1770576215780884480 |