Attacking And Defending Deep Reinforcement Learning Policies
2022 Β· Chao Wang
Abstract
Recent studies have shown that deep reinforcement learning (DRL) policies are vulnerable to adversarial attacks, which raise concerns about applications of DRL to safety-critical systems. In this work, we adopt a principled way and study the robustness of DRL policies to adversarial attacks from the perspective of robust optimization. Within the framework of robust optimization, optimal adversarial attacks are given by minimizing the expected return of the policy, and correspondingly a good defense mechanism should be realized by improving the worst-case performance of the policy. Considering that attackers generally have no access to the training environment, we propose a greedy attack algorithm, which tries to minimize the expected return of the policy without interacting with the environment, and a defense algorithm, which performs adversarial training in a max-min form. Experiments on Atari game environments show that our attack algorithm is more effective and leads to worse return
Authors
(none)
Tags
Stats
Related papers
- Regret-based Defense In Adversarial Reinforcement Learning (2023)0.00
- Towards Robust Policy: Enhancing Offline Reinforcement Learning With Adversarial Attacks And Defenses (2024)3.58
- Real-time Adversarial Perturbations Against Deep Reinforcement Learning Policies: Attacks And Defenses (2021)0.00
- Adversarial Policies: Attacking Deep Reinforcement Learning (2019)0.00
- Online Robust Policy Learning In The Presence Of Unknown Adversaries (2018)0.00
- Adversary Agnostic Robust Deep Reinforcement Learning (2020)6.77
- Optimal Attack And Defense For Reinforcement Learning (2023)6.34
- Robust Deep Reinforcement Learning Through Adversarial Attacks And Training : A Survey (2024)0.00