ARC: Adversarially Robust Control Policies for Autonomous Vehicles

TL;DR

This paper introduces ARC, a training method for autonomous vehicle control policies that enhances robustness against adversarial strategies, significantly reducing collisions without sacrificing original performance.

Contribution

The paper proposes Adversarially Robust Control (ARC), a novel end-to-end training approach that improves the robustness of control policies against adversarial attacks in autonomous driving.

Findings

Reduces collisions against new adversaries by up to 90.25%.

Training against an ensemble of adversaries improves policy robustness.

Auxiliary distillation loss maintains original performance during fine-tuning.

Abstract

Deep neural networks have demonstrated their capability to learn control policies for a variety of tasks. However, these neural network-based policies have been shown to be susceptible to exploitation by adversarial agents. Therefore, there is a need to develop techniques to learn control policies that are robust against adversaries. We introduce Adversarially Robust Control (ARC), which trains the protagonist policy and the adversarial policy end-to-end on the same loss. The aim of the protagonist is to maximise this loss, whilst the adversary is attempting to minimise it. We demonstrate the proposed ARC training in a highway driving scenario, where the protagonist controls the follower vehicle whilst the adversary controls the lead vehicle. By training the protagonist against an ensemble of adversaries, it learns a significantly more robust control policy, which generalises to a variety of adversarial strategies. The approach is shown to reduce the amount of collisions against new adversaries by up to 90.25%, compared to the original policy. Moreover, by utilising an auxiliary distillation loss, we show that the fine-tuned control policy shows no drop in performance across its original training distribution.