Robust Reinforcement Learning on State Observations with Learned Optimal Adversary

TL;DR

This paper introduces a new framework called ATLA that trains reinforcement learning agents to be robust against adversarial perturbations in state observations by using learned adversaries and history-based policies, achieving superior performance in continuous control tasks.

Contribution

The paper proposes a novel adversarial attack method and an alternating training framework (ATLA) that enhances RL robustness against adversarial observation perturbations, incorporating history-based policies.

Findings

ATLA outperforms previous methods under strong adversaries.

Learned adversaries can generate more effective attacks than prior approaches.

History-aware policies, like LSTM, improve robustness against adversarial attacks.

Abstract

We study the robustness of reinforcement learning (RL) with adversarially perturbed state observations, which aligns with the setting of many adversarial attacks to deep reinforcement learning (DRL) and is also important for rolling out real-world RL agent under unpredictable sensing noise. With a fixed agent policy, we demonstrate that an optimal adversary to perturb state observations can be found, which is guaranteed to obtain the worst case agent reward. For DRL settings, this leads to a novel empirical adversarial attack to RL agents via a learned adversary that is much stronger than previous ones. To enhance the robustness of an agent, we propose a framework of alternating training with learned adversaries (ATLA), which trains an adversary online together with the agent using policy gradient following the optimal adversarial attack framework. Additionally, inspired by the analysis of state-adversarial Markov decision process (SA-MDP), we show that past states and actions (history) can be useful for learning a robust agent, and we empirically find a LSTM based policy can be more robust under adversaries. Empirical evaluations on a few continuous control environments show that ATLA achieves state-of-the-art performance under strong adversaries. Our code is available at https://github.com/huanzhang12/ATLA_robust_RL.