Gradient Band-based Adversarial Training for Generalized Attack Immunity of A3C Path Finding
This addresses security threats in AI systems for path finding, but it is incremental as it builds on existing adversarial training methods.
The paper tackles the vulnerability of A3C path finding to adversarial attacks by proposing a method to generate dominant adversarial examples and a training technique for generalized immunity, achieving immune precision as low as 93.89%.
As adversarial attacks pose a serious threat to the security of AI system in practice, such attacks have been extensively studied in the context of computer vision applications. However, few attentions have been paid to the adversarial research on automatic path finding. In this paper, we show dominant adversarial examples are effective when targeting A3C path finding, and design a Common Dominant Adversarial Examples Generation Method (CDG) to generate dominant adversarial examples against any given map. In addition, we propose Gradient Band-based Adversarial Training, which trained with a single randomly choose dominant adversarial example without taking any modification, to realize the "1:N" attack immunity for generalized dominant adversarial examples. Extensive experimental results show that, the lowest generation precision for CDG algorithm is 91.91%, and the lowest immune precision for Gradient Band-based Adversarial Training is 93.89%, which can prove that our method can realize the generalized attack immunity of A3C path finding with a high confidence.