
Belief-Enriched Pessimistic Q-Learning against Adversarial State Perturbations (2403.04050v1)

Published 6 Mar 2024 in cs.LG

Abstract: Reinforcement learning (RL) has achieved phenomenal success in various domains. However, its data-driven nature also introduces new vulnerabilities that can be exploited by malicious opponents. Recent work shows that a well-trained RL agent can be easily manipulated by strategically perturbing its state observations at the test stage. Existing solutions either introduce a regularization term to improve the smoothness of the trained policy against perturbations or alternatively train the agent's policy and the attacker's policy. However, the former does not provide sufficient protection against strong attacks, while the latter is computationally prohibitive for large environments. In this work, we propose a new robust RL algorithm for deriving a pessimistic policy to safeguard against an agent's uncertainty about true states. This approach is further enhanced with belief state inference and diffusion-based state purification to reduce uncertainty. Empirical results show that our approach obtains superb performance under strong attacks and has a comparable training overhead with regularization-based methods. Our code is available at https://github.com/SliencerX/Belief-enriched-robust-Q-learning.

