A Method to Effectively Detect Vulnerabilities on Path Planning of VIN

Liu, Jingjing; Niu, Wenjia; Liu, Jiqiang; Zhao, Jia; Chen, Tong; Yang, Yinqi; Xiang, Yingxiao; Han, Lei

doi:10.1007/978-3-319-89500-0_33

Cited by 5 publications

(10 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, [220] showed successful transferability of attacks across different DQN models. Additional early examples of black-box attacks on RL include [221] and [222].…”

Section: B Reinforcement Learningmentioning

confidence: 99%

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

2018

View full text Add to dashboard Cite

Deep learning is at the heart of the current rise of artificial intelligence. In the field of Computer Vision, it has become the workhorse for applications ranging from self-driving cars to surveillance and security. Whereas deep neural networks have demonstrated phenomenal success (often beyond human capabilities) in solving complex problems, recent studies show that they are vulnerable to adversarial attacks in the form of subtle perturbations to inputs that lead a model to predict incorrect outputs. For images, such perturbations are often too small to be perceptible, yet they completely fool the deep learning models. Adversarial attacks pose a serious threat to the success of deep learning in practice. This fact has recently lead to a large influx of contributions in this direction. This article presents the first comprehensive survey on adversarial attacks on deep learning in Computer Vision. We review the works that design adversarial attacks, analyze the existence of such attacks and propose defenses against them. To emphasize that adversarial attacks are possible in practical conditions, we separately review the contributions that evaluate adversarial attacks in the real-world scenarios. Finally, drawing on the reviewed literature, we provide a broader outlook of this research direction.

show abstract

“…For example, [220] showed successful transferability of attacks across different DQN models. Additional early examples of black-box attacks on RL include [221] and [222].…”

Section: B Reinforcement Learningmentioning

confidence: 99%

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

2018

View full text Add to dashboard Cite

show abstract

“…The main contribution for Liu et al (2017) is that they proposed a method for detecting potential attack which can obstruct VIN effectiveness. They built a 2D navigation task demonstrate VIN and studied how to add obstacles to effectively affect VIN's performance and propose a general method suitable for different kinds of environment.…”

Section: Adversarial Attack On Vin (Avi)mentioning

confidence: 99%

“…FGSM (Goodfellow et al 2014a), SPA (Xiang et al 2018), WBA (Bai et al 2018), and CDG (Chen et al 2018b) belong to White-box attack, which have access to the details related to training algorithm and corresponding parameters of the target model. Meanwhile, the PIA (Behzadan and Munir 2017), STA (Lin et al 2017), EA (Lin et al 2017), and AVI (Liu et al 2017) are Black-box attacks, in which adversary has no idea of the details related to training algorithm and corresponding parameters of the model, for the threat model discussed in these literatures, authors assumed that the adversary has access to the training environment bat has no idea of the random initializations of the target policy, and additionally does not know what the learning algorithm is.…”

Section: Summary For Adversarial Attack In Reinforcement Learningmentioning

confidence: 99%

“…Since it is not guaranteed that the generated adversarial examples will obstruct the VIN path planning successfully generated in Liu et al (2017), Wang et al explored a fast approach to automatically identify VIN adversarial examples. In order to estimate whether an attack is successful, they compared the difference between the two paths on a pair of maps, the normal map and the adversarial map.…”

Section: Discriminative Modelmentioning

confidence: 99%

“…For instance, in the field of Atari game, Lin et al (2017) proposed a "strategicallytimed attack" whose adversarial example at each time step is computed independently of the adversarial examples at other time steps, instead of attacking a deep RL agent at every time step (see "Black-box attack" section). Moreover, in the terms of automatic path planning, Liu et al (2017), Xiang et al (2018), Bai et al (2018) and Chen et al (2018b) all proposed methods which can take adversarial attack on reinforcement learning algorithms (VIN (Tamar et al 2016), Q-Learning (Watkins and Dayan 1992), DQN (Mnih et al 2013), A3C (Mnih et al 2016)) under automatic path planning tasks (see "Defense technology against adversarial attack" section).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Adversarial attack and defense in reinforcement learning-from AI security view

et al. 2019

Self Cite

View full text Add to dashboard Cite

Reinforcement learning is a core technology for modern artificial intelligence, and it has become a workhorse for AI applications ranging from Atrai Game to Connected and Automated Vehicle System (CAV). Therefore, a reliable RL system is the foundation for the security critical applications in AI, which has attracted a concern that is more critical than ever. However, recent studies discover that the interesting attack mode adversarial attack also be effective when targeting neural network policies in the context of reinforcement learning, which has inspired innovative researches in this direction. Hence, in this paper, we give the very first attempt to conduct a comprehensive survey on adversarial attacks in reinforcement learning under AI security. Moreover, we give briefly introduction on the most representative defense technologies against existing adversarial attacks.

show abstract