Policy Disruption in Reinforcement Learning:Adversarial Attack with Large Language Models and Critical State Identification

TL;DR

This paper introduces a novel adversarial attack framework for reinforcement learning that uses large language models to generate targeted rewards and identify critical states, effectively misleading agents without environment modification.

Contribution

The paper presents a new reward iteration optimization method leveraging LLMs and a critical state identification algorithm to attack RL agents more effectively.

Findings

Outperforms existing adversarial attack methods in diverse environments

Effectively identifies critical states where attacks cause maximum damage

Enhances attack success rate without environment modification

Abstract

Reinforcement learning (RL) has achieved remarkable success in fields like robotics and autonomous driving, but adversarial attacks designed to mislead RL systems remain challenging. Existing approaches often rely on modifying the environment or policy, limiting their practicality. This paper proposes an adversarial attack method in which existing agents in the environment guide the target policy to output suboptimal actions without altering the environment. We propose a reward iteration optimization framework that leverages large language models (LLMs) to generate adversarial rewards explicitly tailored to the vulnerabilities of the target agent, thereby enhancing the effectiveness of inducing the target agent toward suboptimal decision-making. Additionally, a critical state identification algorithm is designed to pinpoint the target agent's most vulnerable states, where suboptimal behavior from the victim leads to significant degradation in overall performance. Experimental results in diverse environments demonstrate the superiority of our method over existing approaches.