Tactics of Adversarial Attack on Deep Reinforcement Learning Agents
Yen-Chen Lin, Zhang-Wei Hong, Yuan-Hong Liao, Meng-Li Shih, Ming-Yu Liu, Min Sun

TL;DR
This paper introduces two novel adversarial attack tactics on deep reinforcement learning agents, demonstrating effective reward reduction and target state luring with minimal attack frequency and high success rates.
Contribution
The paper proposes strategically-timed and enchanting attack methods that effectively compromise deep RL agents with reduced detectability and high success, advancing adversarial attack strategies.
Findings
Strategically-timed attack reduces reward as much as uniform attack with fewer attacks.
Enchanting attack achieves over 70% success in luring agents to target states.
Attacks are effective on state-of-the-art deep RL algorithms like DQN and A3C.
Abstract
We introduce two tactics to attack agents trained by deep reinforcement learning algorithms using adversarial examples, namely the strategically-timed attack and the enchanting attack. In the strategically-timed attack, the adversary aims at minimizing the agent's reward by only attacking the agent at a small subset of time steps in an episode. Limiting the attack activity to this subset helps prevent detection of the attack by the agent. We propose a novel method to determine when an adversarial example should be crafted and applied. In the enchanting attack, the adversary aims at luring the agent to a designated target state. This is achieved by combining a generative model and a planning algorithm: while the generative model predicts the future states, the planning algorithm generates a preferred sequence of actions for luring the agent. A sequence of adversarial examples is then…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Reinforcement Learning in Robotics
Methods: Entropy Regularization · Softmax · A3C · Q-Learning · Dense Connections · Convolution · Deep Q-Network
