Observed Adversaries in Deep Reinforcement Learning
Eugene Lim, Harold Soh

TL;DR
This paper investigates the vulnerability of deep reinforcement learning policies to observed adversaries, demonstrating transferability of attacks and relevance to human-robot interaction (HRI) scenarios.
Contribution
It highlights the existence of observed adversaries in deep RL, showing attack transferability and implications for real-world robotic systems.
Findings
Adversarial attacks persist even with low-dimensional observations.
Attacks can transfer across different victim policies.
Observed adversaries pose significant security risks in HRI contexts.
Abstract
In this work, we point out the problem of observed adversaries for deep policies. Specifically, recent work has shown that deep reinforcement learning is susceptible to adversarial attacks where an observed adversary acts under environmental constraints to invoke natural but adversarial observations. This setting is particularly relevant for HRI since HRI-related robots are expected to perform their tasks around and with other agents. In this work, we demonstrate that this effect persists even with low-dimensional observations. We further show that these adversarial attacks transfer across victims, which potentially allows malicious attackers to train an adversary without access to the target victim.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Reinforcement Learning in Robotics · Advanced Memory and Neural Computing
