
Minimalistic Attacks: How Little it Takes to Fool a Deep Reinforcement Learning Policy

by Xinghua Qu, et al.

Recent studies have revealed that neural network-based policies can be easily fooled by adversarial examples. However, while most prior works analyze the effects of perturbing every pixel of every frame assuming white-box policy access, in this paper, we take a more minimalistic view towards adversary generation - with the goal of unveiling the limits of a model's vulnerability. In particular, we explore highly restrictive attacks considering three key settings: (1) black-box policy access: where the attacker only has access to the input (state) and output (action probability) of an RL policy; (2) fractional-state adversary: where only several pixels are perturbed, with the extreme case being a single-pixel adversary; and (3) tactically-chanced attack: where only significant frames are tactically chosen to be attacked.



