Real-time Adversarial Perturbations Against Deep Reinforcement Learning Policies: Attacks And Defenses
2021 Β· Buse G. A. Tekgul, Shelly Wang, Samuel Marchal, et al.
Abstract
Deep reinforcement learning (DRL) is vulnerable to adversarial perturbations. Adversaries can mislead the policies of DRL agents by perturbing the state of the environment observed by the agents. Existing attacks are feasible in principle, but face challenges in practice, either by being too slow to fool DRL policies in real time or by modifying past observations stored in the agent's memory. We show that Universal Adversarial Perturbations (UAP), independent of the individual inputs to which they are applied, can fool DRL policies effectively and in real time. We introduce three attack variants leveraging UAP. Via an extensive evaluation using three Atari 2600 games, we show that our attacks are effective, as they fully degrade the performance of three different DRL agents (up to 100%, even when the \(l_\infty\) bound on the perturbation is as small as 0.01). It is faster than the frame rate (60 Hz) of image capture and considerably faster than prior attacks (\(\approx 1.8\)ms). Our a
Authors
(none)
Tags
Stats
Related papers
- Adversarial Policies: Attacking Deep Reinforcement Learning (2019)0.00
- Attacking And Defending Deep Reinforcement Learning Policies (2022)0.00
- Query-based Targeted Action-space Adversarial Policies On Deep Reinforcement Learning Agents (2020)0.00
- Minimalistic Attacks: How Little It Takes To Fool A Deep Reinforcement Learning Policy (2019)0.00
- Robust Deep Reinforcement Learning Through Adversarial Attacks And Training : A Survey (2024)0.00
- Regret-based Defense In Adversarial Reinforcement Learning (2023)0.00
- Rethinking Adversarial Attacks In Reinforcement Learning From Policy Distribution Perspective (2025)5.84
- Robust Deep Reinforcement Learning With Adaptive Adversarial Perturbations In Action Space (2024)6.20