Challenges and Countermeasures for Adversarial Attacks on Deep Reinforcement Learning

Ilahi, Inaam; Usama, Muhammad; Qadir, Junaid; Janjua, Muhammad Umar; Al-Fuqaha, Ala; Hoang, Dinh Thai; Niyato, Dusit

doi:10.48550/arxiv.2001.09684

Cited by 13 publications

(16 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To date, there does not exist a defense that ensures complete protection against adversarial ML attacks. In our previous works [9], [21], we have performed an extensive survey of the adversarial ML literature on robustness against adversarial examples, and showed that nearly all defensive measures proposed in the literature can be divided into:…”

Section: Discussionmentioning

confidence: 99%

“…used in validating the defense and always look for a change in the false positive and false negative scores.• Evaluation of the defense mechanism against out-ofdistribution examples and transferability-based adversarial attacks is very important. Although these recommendations and many others in[9],[21]-[23] can help in designing a suitable defense against adversarial examples but this is still an open research problem in adversarial ML and ripe for investigation for ML-based 5G applications.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Examining Machine Learning for 5G and Beyond through an Adversarial Lens

Usama¹,

Mitra²,

Ilahi³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Spurred by the recent advances in deep learning to harness rich information hidden in large volumes of data and to tackle problems that are hard to model/solve (e.g., resource allocation problems), there is currently tremendous excitement in the mobile networks domain around the transformative potential of data-driven AI/ML based network automation, control and analytics for 5G and beyond. In this article, we present a cautionary perspective on the use of AI/ML in the 5G context by highlighting the adversarial dimension spanning multiple types of ML (supervised/unsupervised/RL) and support this through three case studies. We also discuss approaches to mitigate this adversarial ML risk, offer guidelines for evaluating the robustness of ML models, and call attention to issues surrounding ML oriented research in 5G more generally.

show abstract

Section: Discussionmentioning

confidence: 99%

mentioning

confidence: 99%

Examining Machine Learning for 5G and Beyond through an Adversarial Lens

Usama¹,

Mitra²,

Ilahi³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…In multi-agent environments, the ability of an attacker to create adversarial observations increases significantly [17]. A comprehensive survey on the main challenges and potential solutions for adversarial attacks on DRL is available in [21]. The authors classify attacks in four categories: attacks targeting (i) rewards, (ii) policies, (iii) observations, and (iv) the environment.…”

Section: Related Workmentioning

confidence: 99%

Towards Closing the Sim-to-Real Gap in Collaborative Multi-Robot Deep Reinforcement Learning

Zhao

Queralta

et al. 2020

2020 5th International Conference on Robotics and Automation Engineering (ICRAE)

View full text Add to dashboard Cite

Current research directions in deep reinforcement learning include bridging the simulation-reality gap, improving sample efficiency of experiences in distributed multi-agent reinforcement learning, together with the development of robust methods against adversarial agents in distributed learning, among many others. In this work, we are particularly interested in analyzing how multi-agent reinforcement learning can bridge the gap to reality in distributed multi-robot systems where the operation of the different robots is not necessarily homogeneous. These variations can happen due to sensing mismatches, inherent errors in terms of calibration of the mechanical joints, or simple differences in accuracy. While our results are simulation-based, we introduce the effect of sensing, calibration, and accuracy mismatches in distributed reinforcement learning with proximal policy optimization (PPO). We discuss on how both the different types of perturbances and how the number of agents experiencing those perturbances affect the collaborative learning effort. The simulations are carried out using a Kuka arm model in the Bullet physics engine. This is, to the best of our knowledge, the first work exploring the limitations of PPO in multi-robot systems when considering that different robots might be exposed to different environments where their sensors or actuators have induced errors. With the conclusions of this work, we set the initial point for future work on designing and developing methods to achieve robust reinforcement learning on the presence of realworld perturbances that might differ within a multi-robot system.

show abstract

“…In multi-agent environments, an attacker can significantly increase the adversarial observations ability [11]. Ilahi et al review emerging adversarial attacks in DRL-based systems and the potential countermeasures to defend against these attacks [17]. The authors classify the attacks as attacks targeting (i) rewards, (ii) policies, (iii) observations, and (iv) the environment.…”

Section: Related Workmentioning

confidence: 99%