Journal
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING
Volume 20, Issue 1, Pages 758-768Publisher
IEEE COMPUTER SOC
DOI: 10.1109/TDSC.2022.3143566
Keywords
Perturbation methods; Switches; Reinforcement learning; Real-time systems; Databases; Trajectory; Games; Deep reinforcement learning; adversarial decoupled policy; adversarial attack
Ask authors/readers for more resources
In this work, a novel Decoupled Adversarial Policy (DAP) is proposed for attacking Deep Reinforcement Learning (DRL) mechanisms. The DAP decomposes the adversarial policy into two sub-policies: one to determine if an attacker should launch the attack, and the other to determine the action the attacker induces the victim to take. Extensive experiments on different Atari games show the effectiveness of the proposed method, which can simultaneously implement real-time and few-steps attacks, outperforming existing methods.
While Deep Reinforcement Learning (DRL) has achieved outstanding performance in extensive applications, exploiting its vulnerability with adversarial attacks is essential towards building robust DRL systems. In this work, we aim to propose a novel Decoupled Adversarial Policy (DAP) for attacking the DRL mechanism, whereas the adversarial agent can decompose the adversarial policy into two separate sub-policies: 1) the switch policy which determines if an attacker should launch the attack, and 2) the lure policy which determines the action an attacker induces the victim to take. If the adversarial agent samples an injection action from the switch policy, the attacker can query the pre-constructed database for universal perturbation in the real-time manner, misleading the victim to take the induced action sampled from the lure policy. To train the adversarial agent to learn DAP, we utilize those samples wherein both of the sub-actions from DAP are not restricted by each other or by the external constraint, but can actually affect the attacker's behaviors. Therefore, we propose trajectory clipping and padding in data pruning, and Decoupled Proximal Policy Optimization (DPPO) in optimizing. Extensive experiments on different Atari games demonstrate the effectiveness of our proposed method. In addition, it can simultaneously implement the real-time and few-steps attack, which outperforms the existing counterparts.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available