Towards Robust Deep Reinforcement Learning against Environmental State Perturbation

TL;DR

This paper addresses the vulnerability of deep reinforcement learning agents to environmental state perturbations by proposing a novel attack and a robust training framework called BAT, significantly improving agent resilience.

Contribution

It introduces the problem of environmental state perturbation in DRL, develops a calibration attack, and proposes BAT, a combined supervised and adversarial reinforcement learning framework for robustness.

Findings

Mainstream DRL agents are vulnerable to environmental state perturbations.

The proposed attack effectively exposes weaknesses in existing agents.

BAT significantly improves robustness across various scenarios.

Abstract

Adversarial attacks and robustness in Deep Reinforcement Learning (DRL) have been widely studied in various threat models; however, few consider environmental state perturbations, which are natural in embodied scenarios. To improve the robustness of DRL agents, we formulate the problem of environmental state perturbation, introducing a preliminary non-targeted attack method as a calibration adversary, and then propose a defense framework, named Boosted Adversarial Training (BAT), which first tunes the agents via supervised learning to avoid catastrophic failure and subsequently adversarially trains the agent with reinforcement learning. Extensive experimental results substantiate the vulnerability of mainstream agents under environmental state perturbations and the effectiveness of our proposed attack. The defense results demonstrate that while existing robust reinforcement learning algorithms may not be suitable, our BAT framework can significantly enhance the robustness of agents against environmental state perturbations across various situations.