Whatever Does Not Kill Deep Reinforcement Learning, Makes It Stronger
This addresses security concerns for deep RL systems, but it is incremental as it builds on known vulnerabilities and focuses on specific methods.
The paper tackles the vulnerability of deep Reinforcement Learning to adversarial attacks by investigating robustness and resilience during training and testing, showing that DQN agents can recover and adapt under noncontiguous training-time attacks, and policies learned under such conditions are more robust to test-time attacks.
Recent developments have established the vulnerability of deep Reinforcement Learning (RL) to policy manipulation attacks via adversarial perturbations. In this paper, we investigate the robustness and resilience of deep RL to training-time and test-time attacks. Through experimental results, we demonstrate that under noncontiguous training-time attacks, Deep Q-Network (DQN) agents can recover and adapt to the adversarial conditions by reactively adjusting the policy. Our results also show that policies learned under adversarial perturbations are more robust to test-time attacks. Furthermore, we compare the performance of $ε$-greedy and parameter-space noise exploration methods in terms of robustness and resilience against adversarial perturbations.