Illusionary Attacks on Sequential Decision Makers and Countermeasures

07/20/2022
by   Tim Franzmeyer, et al.

Autonomous intelligent agents deployed to the real world need to be robust against adversarial attacks on sensory inputs. Existing work in reinforcement learning focuses on minimum-norm perturbation attacks, which were originally introduced to mimic a notion of perceptual invariance in computer vision. In this paper, we note that such minimum-norm perturbation attacks can be trivially detected by victim agents, as they result in observation sequences that are not consistent with the victim agent's actions. Furthermore, many real-world agents, such as physical robots, commonly operate under human supervisors, who are not susceptible to such perturbation attacks. As a result, we propose to instead focus on illusionary attacks, a novel form of attack that is consistent with the world model of the victim agent. We provide a formal definition of this novel attack framework, explore its characteristics under a variety of conditions, and conclude that agents must seek realism feedback to be robust to illusionary attacks.
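The consistency argument in the abstract can be made concrete with a toy detector. This is an added example, not code from the paper: the 1-D world, the `world_model` function, the tolerance and all sample sequences are assumptions constructed for illustration.

```python
# Added example (not from the paper): toy 1-D world; every name here is an assumption.

def world_model(obs, action):
    """Victim's model of the dynamics: the position moves by the chosen action."""
    return obs + action

def rollout(start, actions):
    """Observation sequence the unmodified environment would produce."""
    obs = [start]
    for a in actions:
        obs.append(world_model(obs[-1], a))
    return obs

def inconsistent_steps(observations, actions, tol=1e-6):
    """Indices t where obs[t+1] disagrees with world_model(obs[t], actions[t])."""
    return [t for t, a in enumerate(actions)
            if abs(observations[t + 1] - world_model(observations[t], a)) > tol]

ACTIONS = [1, 1, 0, -1, 1]            # constructed action sequence
CLEAN = rollout(0.0, ACTIONS)         # [0, 1, 2, 2, 1, 2]

# Constructed norm-bounded perturbation (|delta| <= 0.05) chosen without regard
# to the victim's actions: consecutive observations no longer match the model.
PERTURBED = [o + 0.05 * (-1) ** t for t, o in enumerate(CLEAN)]

# Constructed false sequence that still obeys the world model (constant offset
# from the first step): the same check reports nothing.
CONSISTENT_FALSE = [o + 3.0 for o in CLEAN]

if __name__ == "__main__":
    for name, seq in [("clean", CLEAN), ("perturbed", PERTURBED),
                      ("model-consistent", CONSISTENT_FALSE)]:
        print(f"{name:17s} flagged steps: {inconsistent_steps(seq, ACTIONS)}")
```

The check flags every step of the perturbed sequence but none of the model-consistent one, which is why a world-model check alone is not enough and the abstract concludes that agents need realism feedback from outside the observation channel.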
