Vulnerability of Deep Reinforcement Learning to Policy Induction Attacks
This addresses security risks in reinforcement learning systems, such as autonomous agents, by exposing a novel vulnerability, though it is incremental as it extends known adversarial example concepts to a new domain.
The paper tackled the problem of adversarial attacks on deep reinforcement learning by showing that Deep Q-Networks are vulnerable to input perturbations, enabling policy manipulation through transferable adversarial examples, with experimental validation in a game-learning scenario.
Deep learning classifiers are known to be inherently vulnerable to manipulation by intentionally perturbed inputs, named adversarial examples. In this work, we establish that reinforcement learning techniques based on Deep Q-Networks (DQNs) are also vulnerable to adversarial input perturbations, and verify the transferability of adversarial examples across different DQN models. Furthermore, we present a novel class of attacks based on this vulnerability that enable policy manipulation and induction in the learning process of DQNs. We propose an attack mechanism that exploits the transferability of adversarial examples to implement policy induction attacks on DQNs, and demonstrate its efficacy and impact through experimental study of a game-learning scenario.