Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
12-2022
Abstract
Recent years have witnessed great potential in applying Deep Reinforcement Learning (DRL) in various challenging applications, such as autonomous driving, nuclear fusion control, and complex game playing. However, researchers have recently revealed that deep reinforcement learning models are vulnerable to adversarial attacks: malicious attackers can train adversarial policies to tamper with the observations of a well-trained victim agent, which then fails dramatically when faced with such an attack. Understanding and improving the adversarial robustness of deep reinforcement learning is of great importance in enhancing the quality and reliability of a wide range of DRL-enabled systems. In this paper, we develop curiosity-driven and victim-aware adversarial policy training, a novel method that can more effectively exploit the defects of victim agents. To be victim-aware, we build a surrogate network that can approximate the state-value function of a black-box victim to collect the victim’s information. Then we propose a curiosity-driven approach, which encourages an adversarial policy to utilize the information from the hidden layer of the surrogate network to exploit the vulnerability of victims efficiently. Extensive experiments demonstrate that our proposed method outperforms or achieves a similar level of performance as the current state-of-the-art across multiple environments. We perform an ablation study to emphasize the benefits of utilizing the approximated victim information. Further analysis suggests that our method is harder to defend against with a commonly used defensive strategy, which calls attention to the need for more effective protection of systems using DRL.
Keywords
Adversarial Attack, Reinforcement Learning, Curiosity Mechanism
Discipline
Databases and Information Systems
Research Areas
Data Science and Engineering; Information Systems and Management
Publication
Proceedings of the 38th Annual Computer Security Applications Conference, Austin, TX, USA, 2022 December 5-9
First Page
186
Last Page
200
ISBN
9781450397599
Identifier
10.1145/3564625.3564636
Publisher
Association for Computing Machinery
City or Country
New York
Citation
GONG, Chen; YANG, Zhou; BAI, Yunpeng; SHI, Jieke; SINHA, Arunesh; XU, Bowen; LO, David; HOU, Xinwen; and FAN, Guoliang.
Curiosity-driven and victim-aware adversarial policies. (2022). Proceedings of the 38th Annual Computer Security Applications Conference, Austin, TX, USA, 2022 December 5-9. 186-200.
Available at: https://ink.library.smu.edu.sg/sis_research/7682
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3564625.3564636