Stealthy and Efficient Adversarial Attacks against Deep Reinforcement Learning
Authors: Jianwen Sun, Tianwei Zhang, Xiaofei Xie, Lei Ma, Yan Zheng, Kangjie Chen, Yang Liu
AAAI 2020, pp. 5883-5891
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experimental results demonstrate the effectiveness of our techniques. |
| Researcher Affiliation | Academia | Nanyang Technological University, Singapore; Kyushu University, Japan |
| Pseudocode | Yes | Algorithm 1 Critical Point Attack at step t; Algorithm 2 Training Antagonist Policy (a hedged sketch of the critical-point loop follows the table) |
| Open Source Code | No | The paper does not provide any statement about making its source code open, nor does it provide a link to a code repository. |
| Open Datasets | Yes | Benchmarks. We select different types of DRL applications as the target victim: Atari games (Pong and Breakout), autonomous driving (TORCS) and continuous robot control (MuJoCo). For Atari games, the agents are trained with A3C algorithms. For the TORCS environment, the agent is trained by the Deep Deterministic Policy Gradient method (DDPG). For MuJoCo tasks, the agent is trained using Proximal Policy Optimization (PPO). |
| Dataset Splits | No | The paper states 'The sizes of training data and testing data are about 20M frames and 5M, respectively' but does not specify a separate validation split or its proportions. |
| Hardware Specification | No | The paper does not specify the hardware used to run the experiments, such as specific GPU or CPU models. |
| Software Dependencies | No | The paper mentions DRL algorithms (A3C, DDPG, PPO) and neural network architectures, but it does not list specific software dependencies with version numbers (e.g., TensorFlow 2.x, PyTorch 1.x). |
| Experiment Setup | Yes | For Atari games, the agents are trained with A3C algorithms. We adopt the same neural network architecture as the one in (Mnih et al. 2016), where the policy network takes 4 continuous images as input. These input images are resized to 80*80 and pixel values for each image are rescaled to [0,1]. The output of the neural network is the action probability distribution. For the TORCS environment, the agent is trained by the Deep Deterministic Policy Gradient method (DDPG). The action space of TORCS is a 1-dimensional continuous steering angle, from -1.0 to 1.0. For MuJoCo tasks, the agent is trained using Proximal Policy Optimization (PPO). For both Pong and Breakout, Antagonist Attack can break down the agent using 3 steps in one life cycle. For the MuJoCo control missions (Inverted Pendulum, Hopper, Half Cheetah, and Walker2d), we train the antagonists for 8M frames. The parameter N is set to 1 because we found that a 1-step attack is already capable of misleading the car to collide. We set M = 3 to assess the damage impact, as the effect of an incorrect action usually shows up after a couple of steps. For each time step, we enumerate 200 target steering angles in [-1.0, 1.0] with the granularity of 0.01. (A frame-preprocessing sketch also follows the table.) |
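
The pseudocode row names Algorithm 1 (Critical Point Attack at step t); the paper itself contains the authoritative pseudocode. As a reading aid, here is a minimal Python sketch of the loop implied by the setup row: at each step, enumerate candidate adversarial steering targets, roll a learned prediction model forward M steps, score the resulting damage, and only attack when the score clears a trigger threshold. The names `predict_next`, `damage_score`, `policy`, and `THRESHOLD` are placeholders I introduce for illustration, not the authors' API.

```python
import numpy as np

M = 3               # damage-assessment horizon (from the setup row)
N = 1               # consecutive attack steps; the paper uses N = 1 for TORCS
GRANULARITY = 0.01
# Roughly 200 candidate steering targets in [-1.0, 1.0]
CANDIDATES = np.arange(-1.0, 1.0 + GRANULARITY, GRANULARITY)
THRESHOLD = 0.5     # placeholder attack-trigger threshold, not from the paper


def assess_damage(state, adversarial_action, policy, predict_next, damage_score):
    """Roll a learned prediction model forward M steps after forcing one adversarial action."""
    s = predict_next(state, adversarial_action)   # step 1: the forced (attacked) action
    for _ in range(M - 1):                        # steps 2..M: the victim acts normally
        s = predict_next(s, policy(s))
    return damage_score(s)


def critical_point_attack(state, policy, predict_next, damage_score):
    """Return the most damaging steering target at this step, or None if the step is not critical."""
    best_action, best_damage = None, -np.inf
    for a in CANDIDATES:
        d = assess_damage(state, a, policy, predict_next, damage_score)
        if d > best_damage:
            best_action, best_damage = a, d
    return best_action if best_damage > THRESHOLD else None
```

The paper's actual Algorithm 1 additionally decides *when* to attack using a danger-awareness criterion; this sketch only shows the enumerate-predict-score skeleton described in the experiment-setup row.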
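
The experiment-setup row states that the Atari policy network takes 4 consecutive frames, resized to 80*80 with pixel values rescaled to [0,1]. Below is a minimal preprocessing sketch consistent with that description; the grayscale conversion, OpenCV resize, and deque-based frame stack are my assumptions, since the paper does not specify these implementation details.

```python
from collections import deque

import cv2
import numpy as np

FRAME_STACK = 4  # the policy network takes 4 consecutive frames as input


def preprocess(frame: np.ndarray) -> np.ndarray:
    """Grayscale (assumption), resize to 80x80, rescale pixel values to [0, 1]."""
    gray = cv2.cvtColor(frame, cv2.COLOR_RGB2GRAY)
    small = cv2.resize(gray, (80, 80), interpolation=cv2.INTER_AREA)
    return small.astype(np.float32) / 255.0


class FrameStacker:
    """Maintain the last 4 preprocessed frames as the policy-network input."""

    def __init__(self):
        self.frames = deque(maxlen=FRAME_STACK)

    def reset(self, frame: np.ndarray) -> np.ndarray:
        processed = preprocess(frame)
        for _ in range(FRAME_STACK):
            self.frames.append(processed)
        return np.stack(self.frames, axis=0)   # shape: (4, 80, 80)

    def step(self, frame: np.ndarray) -> np.ndarray:
        self.frames.append(preprocess(frame))
        return np.stack(self.frames, axis=0)
```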