Tactics of Adversarial Attack on Deep Reinforcement Learning Agents
2017 · Preprint · DOI: 10.48550/arxiv.1703.06748

Cited by 90 publications (143 citation statements) · References: 0 publications
“…Specifically, adversarial attack and defense in RS have received a lot of attention in recent years [22], as security is crucial in RS. Moreover, DRL policies are vulnerable to adversarial perturbations of an agent's observations [57]. Gleave et al. [30] provide an adversarial attack method that perturbs the observations and thereby affects the learned policy.…”
Section: Robustness on Adversarial Samples and Attacks (mentioning, confidence: 99%)
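The observation perturbations referenced in [57] are typically crafted with the Fast Gradient Sign Method. A minimal sketch in PyTorch, assuming a `policy_net` that maps observations to action logits; the helper name and `epsilon` are illustrative:

```python
import torch
import torch.nn.functional as F

def fgsm_observation_attack(policy_net, obs, epsilon=0.01):
    """Perturb an observation so the policy's preferred action
    becomes less likely (helper name and epsilon are illustrative)."""
    obs = obs.clone().detach().requires_grad_(True)
    logits = policy_net(obs)              # assumed: observation -> action logits
    preferred = logits.argmax(dim=-1)     # the agent's current choice
    # Ascending this loss pushes probability mass away from `preferred`.
    loss = F.cross_entropy(logits, preferred)
    loss.backward()
    return (obs + epsilon * obs.grad.sign()).detach()
```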
“…Cao et al. [10] provide an adversarial-attack detection method for DRL-based RS, which uses a GRU to encode the action space into a low-dimensional space and designs decoders to detect a potential attack. However, it considers only Fast Gradient Sign Method (FGSM)-based attacks and strategically-timed attacks [57]; it thus lacks the capability to detect other types of attack.…”
Section: Robustness on Adversarial Samples and Attacks (mentioning, confidence: 99%)
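The strategically-timed attack of [57] perturbs only a small fraction of time steps, attacking at moments when the policy shows a large gap between its most- and least-preferred actions; the paper's central observation is that attacking only these steps can be roughly as damaging as attacking every step. A minimal sketch of that timing criterion, assuming a PyTorch policy head whose logits are softmax-normalized; the threshold value is illustrative:

```python
import torch
import torch.nn.functional as F

def should_attack(policy_net, obs, threshold=0.8):
    """Timing criterion of the strategically-timed attack [57]:
    attack only when the gap between the policy's most- and
    least-preferred action probabilities is large."""
    with torch.no_grad():
        probs = F.softmax(policy_net(obs), dim=-1)
    gap = probs.max(dim=-1).values - probs.min(dim=-1).values
    return gap > threshold
```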
“…In this work, we focus on the case of a one-shot grid-manipulation attack and attack one specific line/bus state, so we do not need the exact state-transition model. In [22] the timing of attacks is discussed further, while more systematic modeling of the state-transition model s_{t+1} = f(s_t, a_t) is given in [23], which can craft stronger attacks when the environment model can be learned by the attacker.…”
Section: B. Attack Implementation (mentioning, confidence: 99%)
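An attacker in the style of [23] can learn the transition model f from interaction and score candidate attacks by rolling it forward. A hedged sketch: `dynamics_model`, `target`, and the distance objective below are assumptions for illustration, not the method of [23] itself:

```python
import torch

def predicted_attack_payoff(dynamics_model, policy_net, s0, target, horizon=5):
    """Roll a learned transition model s_{t+1} = f(s_t, a_t) forward
    under the agent's greedy actions and measure how close the
    trajectory ends to an attacker-chosen `target` state. All
    interfaces here are assumptions sketching a model-based attack."""
    s = s0
    with torch.no_grad():
        for _ in range(horizon):
            a = policy_net(s).argmax(dim=-1)   # agent's greedy action
            s = dynamics_model(s, a)           # learned f(s_t, a_t)
    return -torch.norm(s - target)             # higher = stronger attack
```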
“…Generally speaking, there are two types of strategies for attacking decision-making policies: (1) Attacking-on-States: directly tampering with the state sequence of the target policy. These methods [8], [9] impose small perturbations on the state observations to make the policy output wrong decisions or receive a smaller reward. (2) Attacking-by-Policy: learning one or more adversarial policies through interaction with the target policy.…”
Section: B. Attacks on Policies (mentioning, confidence: 99%)
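In schematic form, the two strategies intervene at different points of the interaction loop. The sketch below is illustrative only; `env`, `state_attack`, and `adversary` are hypothetical interfaces, not a specific library's API:

```python
def run_episode(env, target_policy, state_attack=None, adversary=None):
    """Schematic loop showing where each attack type hooks in.
    All interfaces here are hypothetical, for illustration."""
    obs, done, total_reward = env.reset(), False, 0.0
    while not done:
        # (1) Attacking-on-States: perturb what the target observes.
        seen = state_attack(obs) if state_attack else obs
        action = target_policy(seen)
        # (2) Attacking-by-Policy: an adversarial co-player acts in
        # the same environment to degrade the target's return.
        if adversary is not None:
            env.set_opponent_action(adversary(obs))  # hypothetical hook
        obs, reward, done = env.step(action)
        total_reward += reward
    return total_reward
```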