2020 50th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops (DSN-W)
DOI: 10.1109/dsn-w50199.2020.00013
Blackbox Attacks on Reinforcement Learning Agents Using Approximated Temporal Information

Cited by 21 publications (15 citation statements)
References 12 publications
“…Following this, a few works have further contributed to this rising topic of adversarial attacks in deep RL. Zhao et al [16] propose an approach to generate adversarial observations without previous knowledge on the network architecture and RL algorithm of the deep reinforcement learning agent. Instead of adding perturbations to the observations, Gleave et al [17] propose to train the agent with an adversarial policy.…”
Section: Related Work (mentioning)
confidence: 99%
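The adversarial-policy idea attributed to Gleave et al [17] can be illustrated with a toy sketch: a second agent is trained with ordinary policy-gradient updates to minimise a frozen victim's reward through its own actions, rather than by perturbing observations. Everything below (network sizes, dynamics, reward) is an illustrative stand-in, not the setup of the cited work.

import torch
import torch.nn as nn

# Frozen victim and trainable adversary; sizes are placeholders.
OBS, ACT = 8, 4
victim = nn.Sequential(nn.Linear(OBS, 32), nn.ReLU(), nn.Linear(32, ACT))
adversary = nn.Sequential(nn.Linear(OBS, 32), nn.ReLU(), nn.Linear(32, ACT))
opt = torch.optim.Adam(adversary.parameters(), lr=1e-3)

def rollout(steps=32):
    """Collect one stand-in episode; real use would step a two-player environment."""
    obs = torch.randn(OBS)
    log_probs, victim_rewards = [], []
    for _ in range(steps):
        with torch.no_grad():
            v_act = victim(obs).argmax()                 # frozen victim acts greedily
        dist = torch.distributions.Categorical(logits=adversary(obs))
        a_act = dist.sample()
        log_probs.append(dist.log_prob(a_act))
        victim_rewards.append(float(v_act == a_act))     # toy reward for the victim
        obs = torch.randn(OBS)                           # toy transition
    return torch.stack(log_probs), torch.tensor(victim_rewards)

# REINFORCE with the adversary's return set to the negative of the victim's reward:
# minimising sum(log_prob * victim_reward) steers the adversary toward behaviour
# under which the victim scores poorly.
for _ in range(200):
    log_probs, r = rollout()
    loss = (log_probs * r).sum()
    opt.zero_grad()
    loss.backward()
    opt.step()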
“…The combined trajectory data can then be used to update the policy of the RL system. As deep RL systems typically inherit the vulnerability of deep neural networks to adversarial examples [15], some previous works have investigated the topic of adversarial attacks in deep RL [16,17]. Our work however is the first that deploys adversarial data augmentation in RL systems to improve their generalization capacity.…”
Section: Introduction (mentioning)
confidence: 99%
“…These methods require both reverting the environment to a previous state and making unlimited queries to π_v, which is not possible in real-time. Other black-box methods [10,29] use proxy models to approximate π_v. Adversarial perturbations are generated from these proxy models.…”
Section: Related Work (mentioning)
confidence: 99%
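As a rough illustration of the proxy-model strategy described above (and of the approximation idea in this paper's title), one can behaviourally clone a surrogate from observed state/action pairs and craft perturbations on the surrogate, hoping they transfer to the unseen victim π_v. The sketch below is a minimal version of that pipeline; all names, sizes and hyper-parameters are hypothetical rather than taken from the cited methods.

import torch
import torch.nn as nn
import torch.nn.functional as F

# Hypothetical surrogate ("proxy") policy; the victim's internals are never accessed.
proxy = nn.Sequential(nn.Linear(8, 64), nn.ReLU(), nn.Linear(64, 4))

def fit_proxy(observations, actions, epochs=50):
    """Behavioural cloning: imitate the victim from logged (observation, action) pairs."""
    opt = torch.optim.Adam(proxy.parameters(), lr=1e-3)
    for _ in range(epochs):
        opt.zero_grad()
        F.cross_entropy(proxy(observations), actions).backward()
        opt.step()

def transfer_perturbation(obs, epsilon=0.01):
    """Craft a signed-gradient perturbation on the proxy; it is then fed to the victim."""
    obs = obs.clone().detach().requires_grad_(True)
    logits = proxy(obs)
    loss = F.cross_entropy(logits.unsqueeze(0), logits.argmax().unsqueeze(0))
    loss.backward()
    return (obs + epsilon * obs.grad.sign()).detach()

# Example: clone from 256 logged steps, then perturb a fresh observation.
fit_proxy(torch.randn(256, 8), torch.randint(0, 4, (256,)))
adv_obs = transfer_perturbation(torch.randn(8))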
“…Prior work has demonstrated that RL is vulnerable to input perturbation attacks, where the attacker modifies the agent's observation with the goal of degrading its performance; for example, using the FGSM [13] to attack three RL networks [5]. Other attacks reduce the number of adversarial examples needed to decrease the agent's reward [17] or trigger misbehavior of the agent after a delay [18]. The learning process of DQN itself can be attacked [19], by constructing a replica model of the victim and transferring adversarial examples from the FGSM and JSMA [16] techniques to craft adversarial examples.…”
Section: Related Work (mentioning)
confidence: 99%
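One way to read the "fewer adversarial examples" line above is a strategically timed attack: perturb the observation only at steps where the policy strongly prefers one action, and leave the remaining steps untouched. The sketch below shows that selection logic with a generic signed-gradient step; the network, threshold and budget are illustrative assumptions, not the cited method's actual settings.

import torch
import torch.nn as nn
import torch.nn.functional as F

# Placeholder victim policy network.
policy = nn.Sequential(nn.Linear(8, 64), nn.ReLU(), nn.Linear(64, 4))

def maybe_attack(obs, epsilon=0.01, threshold=0.5):
    """Perturb only 'important' steps, i.e. those with a strong action preference."""
    obs = obs.clone().detach().requires_grad_(True)
    probs = F.softmax(policy(obs), dim=-1)
    top2 = probs.topk(2).values
    if (top2[0] - top2[1]) < threshold:          # weak preference: skip, save the budget
        return obs.detach(), False
    loss = F.cross_entropy(policy(obs).unsqueeze(0), probs.argmax().unsqueeze(0))
    loss.backward()
    return (obs + epsilon * obs.grad.sign()).detach(), True

adv_obs, attacked = maybe_attack(torch.randn(8))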