Copycat: Taking Control Of Neural Policies With Constant Attacks

Abstract

We propose a new perspective on adversarial attacks against deep reinforcement learning agents. Our main contribution is CopyCAT, a targeted attack able to consistently lure an agent into following an outsider's policy. It is pre-computed, therefore fast inferred, and could thus be usable in a real-time scenario. We show its effectiveness on Atari 2600 games in the novel read-only setting. In this setting, the adversary cannot directly modify the agent's state -- its representation of the environment -- but can only attack the agent's observation -- its perception of the environment. Directly modifying the agent's state would require a write-access to the agent's inner workings and we argue that this assumption is too strong in realistic settings.

Stats

• citations0
• S2 citations—
• github stars0
• HF likes0
• heat score0.00
• arxiv keyhussenot2019copycat

Related papers

• Minimalistic Attacks: How Little It Takes To Fool A Deep Reinforcement Learning Policy (2019)0.00
• Adversarial Policies: Attacking Deep Reinforcement Learning (2019)0.00
• Robust Deep Reinforcement Learning Against Adversarial Behavior Manipulation (2024)0.00
• Real-time Adversarial Perturbations Against Deep Reinforcement Learning Policies: Attacks And Defenses (2021)0.00
• RAT: Adversarial Attacks On Deep Reinforcement Agents For Targeted Behaviors (2024)0.00
• Constrained Black-box Attacks Against Cooperative Multi-agent Reinforcement Learning (2025)0.00
• SUB-PLAY: Adversarial Policies Against Partially Observed Multi-agent Reinforcement Learning Systems (2024)0.00
• Imitating Opponent To Win: Adversarial Policy Imitation Learning In Two-player Competitive Games (2022)0.00