Challenges and Countermeasures for Adversarial Attacks on Deep Reinforcement Learning

Ilahi, Inaam; Usama, Muhammad; Qadir, Junaid; Janjua, Muhammad Umar; Al-Fuqaha, Ala; Huang, Dinh Thai; Niyato, Dusit

doi:10.1109/tai.2021.3111139

Cited by 74 publications

(33 citation statements)

References 60 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They have implemented their adversarial techniques and the performance results of their techniques to show that their system is very effective but did not solve robustness. Later on, this issue addressed by Ilahi et al 117 presented the security challenges and countermeasures for AL attacks on RL. They have analyzed the vulnerability details in‐depth, which helps to prevent a malicious attack.…”

Section: Al Techniques For Security and Privacy Preservationmentioning

confidence: 99%

Adversarial learning techniques for security and privacy preservation: A comprehensive review

Hathaliya

Tanwar

Sharma

2022

Security and Privacy

View full text Add to dashboard Cite

In recent years, the use of smart devices has increased exponentially, resulting in massive amounts of data. To handle this data, effective data storage and management has required. Cloud computing (CC) is a promising solution to deal with this huge amount of data. Electronic devices are collecting real‐time data from sensors and applications through a wireless communication channel in the digital era. In some cases, CC cannot protect against various malicious attacks in the wireless communication channel. To address this issue, we have used machine learning (ML) and deep learning (DL) techniques for attack detection in a wireless channel on an early basis. It trains a model to predict malicious activities of attackers, which aids in the security of CC's sensitive data. We employed adversarial learning techniques (AL) to add fake data into the model to ensure that the trained model was correct. The trained model can distinguish between the fake and real data from the training samples and improve the training samples' performance. AL provides different defense mechanisms to preserve the privacy of ML‐ and DL‐based model but does not ensure the system's robustness. To improve the system's robustness, we have used federated learning with blockchain technology to make a system more robust, reliable, accurate, and transparent. This integration aids in providing high‐graded security against adversarial attacks. This paper presents a comprehensive review to highlight the recent improvements in AL techniques. Moreover, we explored the various AL applications in security and privacy preservation. Finally, open research issues and future directions are discussed to show future research avenues.

show abstract

Section: Al Techniques For Security and Privacy Preservationmentioning

confidence: 99%

Adversarial learning techniques for security and privacy preservation: A comprehensive review

Hathaliya

Tanwar

Sharma

2022

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Data poisoning attacks like label flipping, backdoor attack, and model poisoning attack are very common adversarial attacks on DRL and are explored in the literature for IoV applications [3]. In a recent work, the authors provide a comprehensive survey on various attacks on DRL [6]. The authors in this work briefly discuss the possible choices of attacks carried out by an adversary on a DRL model which includes an attack on the state, action, reward, and model.…”

Section: Related Workmentioning

confidence: 99%

“…Specifically, we propose an attack detection framework against Sybil-based data poisoning attacks in the context of DRL-based mechanisms in IoV applications. Several adversarial data poisoning attacks like adversarial random noises, data flipping and backdoor attacks, are common and explored in the literature for vehicular applications [3], [6]. Different from the existing works, we use Sybil-based adversarial attacks.…”

Section: B Attack Modelmentioning

confidence: 99%

GFCL: A GRU-based Federated Continual Learning Framework against Adversarial Attacks in IoV

Talpur¹,

Gurusamy²

2022

Preprint

View full text Add to dashboard Cite

The integration of ML in 5G-based Internet of Vehicles (IoV) networks has enabled intelligent transportation and smart traffic management. Nonetheless, the security against adversarial attacks is also increasingly becoming a challenging task. Specifically, Deep Reinforcement Learning (DRL) is one of the widely used ML designs in IoV applications. The standard ML security techniques are not effective in DRL where the algorithm learns to solve sequential decision-making through continuous interaction with the environment, and the environment is time-varying, dynamic, and mobile. In this paper, we propose a Gated Recurrent Unit (GRU)-based federated continual learning (GFCL) anomaly detection framework against adversarial attacks in IoV. The objective is to present a lightweight and scalable framework that learns and detects the illegitimate behavior without having a-priori training dataset consisting of attack samples. We use GRU to predict a future data sequence to analyze and detect illegitimate behavior from vehicles in a federated learning-based distributed manner. We investigate the performance of our framework using real-world vehicle mobility traces. The results demonstrate the effectiveness of our proposed solution for different performance metrics.

show abstract

“…Adversarial attacks on deep reinforcement learning are often formulated to minimize the expected reward. Because there are multiple attack targets (such as states, actions, environments, and rewards) various attacks are possible in deep reinforcement learning [6]. A well-known adversarial attack on TV gameplay [7] is defined on the state space, which attacks adds an adversarial perturbation δ x to the input TV screen x.…”

Section: Related Workmentioning

confidence: 99%

“…Many adversarial attacks in deep reinforcement learning perturb the state observations to cause the agents to malfunction [5], [6]. The attacks on the state observations allow white-box attacks where the adversary can access the neural networks, such as policy networks and Q-networks, that take the state observations as the input [7]- [9].…”

Section: Introductionmentioning

confidence: 99%

Adversarial joint attacks on legged robots

Takuto¹,

Kera²,

Kawamoto³

2022

Preprint

View full text Add to dashboard Cite

We address adversarial attacks on the actuators at the joints of legged robots trained by deep reinforcement learning. The vulnerability to the joint attacks can significantly impact the safety and robustness of legged robots. In this study, we demonstrate that the adversarial perturbations to the torque control signals of the actuators can significantly reduce the rewards and cause walking instability in robots. To find the adversarial torque perturbations, we develop blackbox adversarial attacks, where, the adversary cannot access the neural networks trained by deep reinforcement learning. The black box attack can be applied to legged robots regardless of the architecture and algorithms of deep reinforcement learning. We employ three search methods for the black-box adversarial attacks: random search, differential evolution, and numerical gradient descent methods. In experiments with the quadruped robot Ant-v2 and the bipedal robot Humanoid-v2, in OpenAI Gym environments, we find that differential evolution can efficiently find the strongest torque perturbations among the three methods. In addition, we realize that the quadruped robot Ant-v2 is vulnerable to the adversarial perturbations, whereas the bipedal robot Humanoid-v2 is robust to the perturbations. Consequently, the joint attacks can be used for proactive diagnosis of robot walking instability.

show abstract

Challenges and Countermeasures for Adversarial Attacks on Deep Reinforcement Learning

Cited by 74 publications

References 60 publications

Adversarial learning techniques for security and privacy preservation: A comprehensive review

Adversarial learning techniques for security and privacy preservation: A comprehensive review

GFCL: A GRU-based Federated Continual Learning Framework against Adversarial Attacks in IoV

Adversarial joint attacks on legged robots

Contact Info

Product

Resources

About