Don't Watch Me: A Spatio-Temporal Trojan Attack on Deep-Reinforcement-Learning-Augment Autonomous Driving

11/22/2022
by   Yinbo Yu, et al.

Deep reinforcement learning (DRL) is one of the most popular algorithms to realize an autonomous driving (AD) system. The key success factor of DRL is that it embraces the perception capability of deep neural networks, which, however, have been proven vulnerable to Trojan attacks. Trojan attacks have been widely explored in supervised learning (SL) tasks (e.g., image classification), but rarely in sequential decision-making tasks solved by DRL. Hence, in this paper, we explore Trojan attacks on DRL for AD tasks. First, we propose a spatio-temporal DRL algorithm based on the recurrent neural network and attention mechanism to prove that capturing spatio-temporal traffic features is the key factor in the effectiveness and safety of a DRL-augment AD system. We then design a spatial-temporal Trojan attack on DRL policies, where the trigger is hidden in a sequence of spatial and temporal traffic features, rather than in a single instant state as used in existing Trojans on SL and DRL tasks. With our Trojan, the adversary acts as a surrounding normal vehicle and can trigger attacks via specific spatial-temporal driving behaviors, rather than physical or wireless access. Through extensive experiments, we show that while capturing spatio-temporal traffic features can improve the performance of DRL for different AD tasks, such policies suffer from Trojan attacks, since our designed Trojan is highly stealthy (various spatio-temporal trigger patterns), effective (less than 3.1% performance variance rate and more than 98.5% attack success rate), and sustainable against existing advanced defenses.
