Challenges and Countermeasures for Adversarial Attacks on Deep Reinforcement Learning
@article{Ilahi2020ChallengesAC, title={Challenges and Countermeasures for Adversarial Attacks on Deep Reinforcement Learning}, author={Inaam Ilahi and Muhammad Usama and Junaid Qadir and Muhammad Umar Janjua and Ala I. Al-Fuqaha and Dinh Thai Hoang and Dusit Tao Niyato}, journal={IEEE Transactions on Artificial Intelligence}, year={2020}, volume={3}, pages={90-109} }
Deep reinforcement learning (DRL) has numerous applications in the real world, thanks to its ability to achieve high performance in a range of environments with little manual oversight. Despite its great advantages, DRL is susceptible to adversarial attacks, which precludes its use in real-life critical systems and applications (e.g., smart grids, traffic controls, and autonomous vehicles) unless its vulnerabilities are addressed and mitigated. To address this problem, we provide a…
52 Citations
Query-based targeted action-space adversarial policies on deep reinforcement learning agents
- Computer Science, ICCPS
- 2021
This work investigates targeted attacks in the action-space domain (actuation attacks), which perturbs the outputs of a controller, and proposes the use of adversarial training with transfer learning to induce robust behaviors into the nominal policy, which decreases the rate of successful targeted attacks.
Targeted Adversarial Attacks on Deep Reinforcement Learning Policies via Model Checking
- Computer Science, ArXiv
- 2022
A metric is presented that measures the exact impact of adversarial attacks against temporal logic properties of Deep Reinforcement Learning policies and is used to craft optimal adversarial attacks.
Robust Deep Reinforcement Learning against Adversarial Perturbations on State Observations
- Computer Science, NeurIPS
- 2020
The state-adversarial Markov decision process (SA-MDP) is proposed, and a theoretically principled policy regularization is developed which can be applied to a large family of DRL algorithms, including proximal policy optimization (PPO), deep deterministic policy gradient (DDPG) and deep Q networks (DQN), for both discrete and continuous action control problems.
White-Box Adversarial Policies in Deep Reinforcement Learning
- Computer Science, ArXiv
- 2022
This work introduces white-box adversarial policies in which an attacker can observe a victim’s internal state at each timestep, and demonstrates that white-box access to a victim makes for better attacks in two-agent environments, resulting in both faster initial learning and higher asymptotic performance against the victim.
SoK: Adversarial Machine Learning Attacks and Defences in Multi-Agent Reinforcement Learning
- Computer Science
- 2023
A novel perspective to understand the manner of perpetrating an AML attack, by defining Attack Vectors is proposed, and two new frameworks to address a gap in current modelling frameworks are developed.
Efficient and Insidious Adversaries in Deep Reinforcement Learning
- Computer Science
- 2021
Findings show potential for effective attacks, reveal directions for continued work, and suggest a need for caution and effective defenses in the continued development of deep reinforcement learning systems.
Robust Deep Reinforcement Learning through Adversarial Loss
- Computer Science, NeurIPS
- 2021
RADIAL-RL is proposed, a method to train reinforcement learning agents with improved robustness against any $l_p$-bounded adversarial attack, and a new evaluation method, Greedy Worst-Case Reward (GWC), for measuring attack agnostic robustness of RL agents.
Adversarial Attacks Against Reinforcement Learning Based Tactical Networks: A Case Study
- Computer Science, MILCOM 2022 - 2022 IEEE Military Communications Conference (MILCOM)
- 2022
This investigation examines the vulnerability of one Reinforcement Learning based solution against the novel attack vector of adversarial attacks specifically targeting RL algorithms and finds the targeted solution to be vulnerable to multiple attacks.
Search-Based Testing Approach for Deep Reinforcement Learning Agents
- Computer Science, ArXiv
- 2022
A Search-based Testing Approach of Reinforcement Learning Agents (STARLA) is proposed to test the policy of a DRL agent by effectively searching for failing executions of the agent within a limited testing budget and outperforms Random Testing by detecting more faults related to the agent’s policy.
Spiking Pitch Black: Poisoning an Unknown Environment to Attack Unknown Reinforcement Learners
- Computer Science, AAMAS
- 2022
This paper proposes a Double-Black-Box EPA framework, only assuming the attacker’s ability to alter environment hyperparameters and seeks minimal poisoning in an unknown environment and aims to force a black-box RL agent to learn an attacker-designed policy.
References
SHOWING 1-10 OF 144 REFERENCES
Characterizing Attacks on Deep Reinforcement Learning
- Computer Science, AAMAS
- 2022
The first targeted attacks based on action space and environment dynamics based on temporal consistency information among frames are proposed and introduced, and a sampling strategy is proposed to better estimate gradient in black-box setting.
Stealthy and Efficient Adversarial Attacks against Deep Reinforcement Learning
- Computer Science, AAAI
- 2020
Two novel adversarial attack techniques to stealthily and efficiently attack the DRL agents by enabling an adversary to inject adversarial samples in a minimal set of critical moments while causing the most severe damage to the agent.
Malicious Attacks against Deep Reinforcement Learning Interpretations
- Computer Science, KDD
- 2020
This paper introduces the first study of the adversarial attacks against DRL interpretations, and proposes an optimization framework based on which the optimal adversarial attack strategy can be derived.
The Faults in Our Pi Stars: Security Issues and Open Challenges in Deep Reinforcement Learning
- Computer Science, ArXiv
- 2018
This paper forms the security requirements of DRL, and provides a high-level threat model through the classification and identification of vulnerabilities, attack vectors, and adversarial capabilities, and presents a review of current literature on security of deep RL from both offensive and defensive perspectives.
Enhanced Adversarial Strategically-Timed Attacks Against Deep Reinforcement Learning
- Computer Science, ICASSP 2020 - 2020 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)
- 2020
This paper introduces timing-based adversarial strategies against a DRL-based navigation system by jamming in physical noise patterns on the selected time frames and proposes two adversarial agent models: one refers to online learning; another one is based on evolutionary learning.
Query-based targeted action-space adversarial policies on deep reinforcement learning agents
- Computer Science, ICCPS
- 2021
This work investigates targeted attacks in the action-space domain (actuation attacks), which perturbs the outputs of a controller, and proposes the use of adversarial training with transfer learning to induce robust behaviors into the nominal policy, which decreases the rate of successful targeted attacks.
Online Robust Policy Learning in the Presence of Unknown Adversaries
- Computer Science, NeurIPS
- 2018
A Meta-Learned Advantage Hierarchy (MLAH) framework that is attack model-agnostic and more suited to reinforcement learning, via handling the attacks in the decision space and directly mitigating learned bias introduced by the adversary is introduced.
Robust Deep Reinforcement Learning against Adversarial Perturbations on State Observations
- Computer Science, NeurIPS
- 2020
The state-adversarial Markov decision process (SA-MDP) is proposed, and a theoretically principled policy regularization is developed which can be applied to a large family of DRL algorithms, including proximal policy optimization (PPO), deep deterministic policy gradient (DDPG) and deep Q networks (DQN), for both discrete and continuous action control problems.
Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey
- Computer Science, IEEE Access
- 2018
This paper presents the first comprehensive survey on adversarial attacks on deep learning in computer vision, reviewing the works that design adversarial attack, analyze the existence of such attacks and propose defenses against them.
Robust Deep Reinforcement Learning through Adversarial Loss
- Computer Science, NeurIPS
- 2021
RADIAL-RL is proposed, a method to train reinforcement learning agents with improved robustness against any $l_p$-bounded adversarial attack, and a new evaluation method, Greedy Worst-Case Reward (GWC), for measuring attack agnostic robustness of RL agents.