LG, AI, RO, ML | Jun 11, 2020

Robustness to Adversarial Attacks in Learning-Enabled Controllers

arXiv:2006.06861v1 | 5 citations
Originality: Incremental advance
AI Analysis

This paper addresses robustness issues for cyber-physical systems such as autonomous vehicles and robots, but it is incremental, as it builds on existing shield-based defense methods.

The paper tackles the susceptibility of learning-enabled controllers in cyber-physical systems to adversarial attacks by proposing a shield-based defense that treats the controller and environment as black-boxes, demonstrating effectiveness through experiments on F16 aircraft navigation and humanoid robot motion control.

Learning-enabled controllers used in cyber-physical systems (CPS) are known to be susceptible to adversarial attacks. Such attacks manifest as perturbations to the states generated by the controller's environment in response to its actions. We consider state perturbations that encompass a wide variety of adversarial attacks and describe an attack scheme for discovering adversarial states. To be useful, these attacks need to be natural, yielding states in which the controller can be reasonably expected to generate a meaningful response. We consider shield-based defenses as a means to improve controller robustness in the face of such perturbations. Our defense strategy allows us to treat the controller and environment as black-boxes with unknown dynamics. We provide a two-stage approach to construct this defense and show its effectiveness through a range of experiments on realistic continuous control domains such as the navigation control-loop of an F16 aircraft and the motion control system of humanoid robots.
