Selective real-time adversarial perturbations against deep reinforcement learning agents

IF 1.7 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS IET Cyber-Physical Systems: Theory and Applications Pub Date : 2023-09-22 DOI:10.1049/cps2.12065
Hongjin Yao, Yisheng Li, Yunpeng Sun, Zhichao Lian
{"title":"Selective real-time adversarial perturbations against deep reinforcement learning agents","authors":"Hongjin Yao,&nbsp;Yisheng Li,&nbsp;Yunpeng Sun,&nbsp;Zhichao Lian","doi":"10.1049/cps2.12065","DOIUrl":null,"url":null,"abstract":"<p>Recent work has shown that deep reinforcement learning (DRL) is vulnerable to adversarial attacks, so that exploiting vulnerabilities in DRL systems through adversarial attack techniques has become a necessary prerequisite for building robust DRL systems. Compared to traditional deep learning systems, DRL systems are characterised by long sequential decisions rather than one-step decision, so attackers must perform multi-step attacks on them. To successfully attack a DRL system, the number of attacks must be minimised to avoid detecting by the victim agent and to ensure the effectiveness of the attack. Some selective attack methods proposed in recent researches, that is, attacking an agent at partial time steps, are not applicable to real-time attack scenarios, although they can avoid detecting by the victim agent. A real-time selective attack method that is applicable to environments with discrete action spaces is proposed. Firstly, the optimal attack threshold <i>T</i> for performing selective attacks in the environment <i>Env</i> is determined. Then, the observation states corresponding to when the value of the action preference function of the victim agent in multiple eposides exceeds the threshold <i>T</i> are added to the training set according to this threshold. Finally, a universal perturbation is generated based on this training set, and it is used to perform real-time selective attacks on the victim agent. Comparative experiments show that our attack method can perform real-time attacks while maintaining the attack effect and stealthiness.</p>","PeriodicalId":36881,"journal":{"name":"IET Cyber-Physical Systems: Theory and Applications","volume":null,"pages":null},"PeriodicalIF":1.7000,"publicationDate":"2023-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1049/cps2.12065","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IET Cyber-Physical Systems: Theory and Applications","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1049/cps2.12065","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Recent work has shown that deep reinforcement learning (DRL) is vulnerable to adversarial attacks, so that exploiting vulnerabilities in DRL systems through adversarial attack techniques has become a necessary prerequisite for building robust DRL systems. Compared to traditional deep learning systems, DRL systems are characterised by long sequential decisions rather than one-step decision, so attackers must perform multi-step attacks on them. To successfully attack a DRL system, the number of attacks must be minimised to avoid detecting by the victim agent and to ensure the effectiveness of the attack. Some selective attack methods proposed in recent researches, that is, attacking an agent at partial time steps, are not applicable to real-time attack scenarios, although they can avoid detecting by the victim agent. A real-time selective attack method that is applicable to environments with discrete action spaces is proposed. Firstly, the optimal attack threshold T for performing selective attacks in the environment Env is determined. Then, the observation states corresponding to when the value of the action preference function of the victim agent in multiple eposides exceeds the threshold T are added to the training set according to this threshold. Finally, a universal perturbation is generated based on this training set, and it is used to perform real-time selective attacks on the victim agent. Comparative experiments show that our attack method can perform real-time attacks while maintaining the attack effect and stealthiness.

Abstract Image

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
针对深度强化学习代理的选择性实时对抗扰动
最近的研究表明,深度强化学习(DRL)很容易受到对抗性攻击,因此通过对抗性攻击技术利用DRL系统中的漏洞已成为构建稳健的DRL系统的必要前提。与传统的深度学习系统相比,DRL 系统的特点是长序列决策而非一步决策,因此攻击者必须对其实施多步骤攻击。要成功攻击 DRL 系统,必须尽量减少攻击次数,以避免被受害代理检测到,并确保攻击的有效性。近期研究中提出的一些选择性攻击方法,即在部分时间步骤攻击一个代理,虽然可以避免被受害代理检测到,但不适用于实时攻击场景。本文提出了一种适用于离散行动空间环境的实时选择性攻击方法。首先,确定在环境 Env 中进行选择性攻击的最佳攻击阈值 T。然后,根据该阈值,将多个外延中受害代理的行动偏好函数值超过阈值 T 时对应的观测状态添加到训练集中。最后,根据该训练集生成通用扰动,并利用它对受害代理进行实时选择性攻击。对比实验表明,我们的攻击方法可以在保持攻击效果和隐蔽性的同时进行实时攻击。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
IET Cyber-Physical Systems: Theory and Applications
IET Cyber-Physical Systems: Theory and Applications Computer Science-Computer Networks and Communications
CiteScore
5.40
自引率
6.70%
发文量
17
审稿时长
19 weeks
期刊最新文献
Guest Editorial: IoT-based secure health monitoring and tracking through estimated computing SEIR-driven semantic integration framework: Internet of Things-enhanced epidemiological surveillance in COVID-19 outbreaks using recurrent neural networks A machine learning model for Alzheimer's disease prediction Securing the Internet of Medical Things with ECG-based PUF encryption Status, challenges, and promises of data-driven battery lifetime prediction under cyber-physical system context
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1