
Regret-Based Defense in Adversarial Reinforcement Learning (2302.06912v4)

Published 14 Feb 2023 in cs.LG and cs.AI

Abstract: Deep Reinforcement Learning (DRL) policies have been shown to be vulnerable to small adversarial noise in observations. Such adversarial noise can have disastrous consequences in safety-critical environments. For instance, a self-driving car receiving adversarially perturbed sensory observations about nearby signs (e.g., a stop sign physically altered to be perceived as a speed limit sign) or objects (e.g., cars altered to be recognized as trees) can be fatal. Existing approaches for making RL algorithms robust to an observation-perturbing adversary have focused on reactive approaches that iteratively improve against adversarial examples generated at each iteration. While such approaches have been shown to provide improvements over regular RL methods, they are reactive and can fare significantly worse if certain categories of adversarial examples are not generated during training. To that end, we pursue a more proactive approach that relies on directly optimizing a well-studied robustness measure, regret, instead of expected value. We provide a principled approach that minimizes maximum regret over a "neighborhood" of observations to the received "observation". Our regret criterion can be used to modify existing value- and policy-based Deep RL methods. We demonstrate that our approaches provide a significant improvement in performance across a wide variety of benchmarks against leading approaches for robust Deep RL.

Authors (4)
  1. Roman Belaire (2 papers)
  2. Pradeep Varakantham (50 papers)
  3. Thanh Nguyen (70 papers)
  4. David Lo (229 papers)
Citations (2)
