Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

12-2022

Abstract

Recent years have witnessed great potential in applying Deep Reinforcement Learning (DRL) in various challenging applications, such as autonomous driving, nuclear fusion control, complex game playing, etc. However, recently researchers have revealed that deep reinforcement learning models are vulnerable to adversarial attacks: malicious attackers can train adversarial policies to tamper with the observations of a well-trained victim agent, the latter of which fails dramatically when faced with such an attack. Understanding and improving the adversarial robustness of deep reinforcement learning is of great importance in enhancing the quality and reliability of a wide range of DRL-enabled systems. In this paper, we develop curiosity-driven and victim-aware adversarial policy training, a novel method that can more effectively exploit the defects of victim agents. To be victim-aware, we build a surrogate network that can approximate the state-value function of a black-box victim to collect the victim’s information. Then we propose a curiosity-driven approach, which encourages an adversarial policy to utilize the information from the hidden layer of the surrogate network to exploit the vulnerability of victims efficiently. Extensive experiments demonstrate that our proposed method outperforms or achieves a similar level of performance as the current state-of-the-art across multiple environments. We perform an ablation study to emphasize the benefits of utilizing the approximated victim information. Further analysis suggests that our method is harder to defend against a commonly used defensive strategy, which calls attention to more effective protection on the systems using DRL.

Keywords

Adversarial Attack, Reinforcement Learning, Curiosity Mechanism

Discipline

Databases and Information Systems

Research Areas

Data Science and Engineering; Information Systems and Management

Publication

Proceedings of the 38th Annual Computer Security Applications Conference, Austin, TX, USA, 2022 December 5-9

First Page

186

Last Page

200

ISBN

9781450397599

Identifier

10.1145/3564625.3564636

Publisher

Association for Computing Machinery

City or Country

New York

Additional URL

https://doi.org/10.1145/3564625.3564636

Share

COinS