Curiosity-driven and victim-aware adversarial policies
Recent years have witnessed great potential in applying Deep Reinforcement Learning (DRL) in various challenging applications, such as autonomous driving, nuclear fusion control, complex game playing, etc. However, recently researchers have revealed that deep reinforcement learning models are vulner...
Saved in:
| Main Authors: | , , , , , , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7682 https://ink.library.smu.edu.sg/context/sis_research/article/8685/viewcontent/curiosity__1_.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-8685 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-86852023-01-10T03:19:38Z Curiosity-driven and victim-aware adversarial policies GONG, Chen YANG, Zhou BAI, Yunpeng SHI, Jieke SINHA, Arunesh XU, Bowen LO, David HOU, Xinwen FAN, Guoliang Recent years have witnessed great potential in applying Deep Reinforcement Learning (DRL) in various challenging applications, such as autonomous driving, nuclear fusion control, complex game playing, etc. However, recently researchers have revealed that deep reinforcement learning models are vulnerable to adversarial attacks: malicious attackers can train adversarial policies to tamper with the observations of a well-trained victim agent, the latter of which fails dramatically when faced with such an attack. Understanding and improving the adversarial robustness of deep reinforcement learning is of great importance in enhancing the quality and reliability of a wide range of DRL-enabled systems. In this paper, we develop curiosity-driven and victim-aware adversarial policy training, a novel method that can more effectively exploit the defects of victim agents. To be victim-aware, we build a surrogate network that can approximate the state-value function of a black-box victim to collect the victim’s information. Then we propose a curiosity-driven approach, which encourages an adversarial policy to utilize the information from the hidden layer of the surrogate network to exploit the vulnerability of victims efficiently. Extensive experiments demonstrate that our proposed method outperforms or achieves a similar level of performance as the current state-of-the-art across multiple environments. We perform an ablation study to emphasize the benefits of utilizing the approximated victim information. Further analysis suggests that our method is harder to defend against a commonly used defensive strategy, which calls attention to more effective protection on the systems using DRL. 2022-12-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7682 info:doi/10.1145/3564625.3564636 https://ink.library.smu.edu.sg/context/sis_research/article/8685/viewcontent/curiosity__1_.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Adversarial Attack Reinforcement Learning Curiosity Mechanism Databases and Information Systems |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Adversarial Attack Reinforcement Learning Curiosity Mechanism Databases and Information Systems |
| spellingShingle |
Adversarial Attack Reinforcement Learning Curiosity Mechanism Databases and Information Systems GONG, Chen YANG, Zhou BAI, Yunpeng SHI, Jieke SINHA, Arunesh XU, Bowen LO, David HOU, Xinwen FAN, Guoliang Curiosity-driven and victim-aware adversarial policies |
| description |
Recent years have witnessed great potential in applying Deep Reinforcement Learning (DRL) in various challenging applications, such as autonomous driving, nuclear fusion control, complex game playing, etc. However, recently researchers have revealed that deep reinforcement learning models are vulnerable to adversarial attacks: malicious attackers can train adversarial policies to tamper with the observations of a well-trained victim agent, the latter of which fails dramatically when faced with such an attack. Understanding and improving the adversarial robustness of deep reinforcement learning is of great importance in enhancing the quality and reliability of a wide range of DRL-enabled systems. In this paper, we develop curiosity-driven and victim-aware adversarial policy training, a novel method that can more effectively exploit the defects of victim agents. To be victim-aware, we build a surrogate network that can approximate the state-value function of a black-box victim to collect the victim’s information. Then we propose a curiosity-driven approach, which encourages an adversarial policy to utilize the information from the hidden layer of the surrogate network to exploit the vulnerability of victims efficiently. Extensive experiments demonstrate that our proposed method outperforms or achieves a similar level of performance as the current state-of-the-art across multiple environments. We perform an ablation study to emphasize the benefits of utilizing the approximated victim information. Further analysis suggests that our method is harder to defend against a commonly used defensive strategy, which calls attention to more effective protection on the systems using DRL. |
| format |
text |
| author |
GONG, Chen YANG, Zhou BAI, Yunpeng SHI, Jieke SINHA, Arunesh XU, Bowen LO, David HOU, Xinwen FAN, Guoliang |
| author_facet |
GONG, Chen YANG, Zhou BAI, Yunpeng SHI, Jieke SINHA, Arunesh XU, Bowen LO, David HOU, Xinwen FAN, Guoliang |
| author_sort |
GONG, Chen |
| title |
Curiosity-driven and victim-aware adversarial policies |
| title_short |
Curiosity-driven and victim-aware adversarial policies |
| title_full |
Curiosity-driven and victim-aware adversarial policies |
| title_fullStr |
Curiosity-driven and victim-aware adversarial policies |
| title_full_unstemmed |
Curiosity-driven and victim-aware adversarial policies |
| title_sort |
curiosity-driven and victim-aware adversarial policies |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/7682 https://ink.library.smu.edu.sg/context/sis_research/article/8685/viewcontent/curiosity__1_.pdf |
| _version_ |
1770576413352525824 |