ARC: Adversarially Robust Control Policies for Autonomous Vehicles
This addresses safety concerns for autonomous vehicles by making control policies robust to adversarial attacks, though it is incremental as it builds on existing adversarial training methods.
The paper tackles the problem of adversarial vulnerability in neural network-based control policies for autonomous vehicles by introducing Adversarially Robust Control (ARC), which trains protagonist and adversarial policies end-to-end, resulting in up to 90.25% reduction in collisions against new adversaries.
Deep neural networks have demonstrated their capability to learn control policies for a variety of tasks. However, these neural network-based policies have been shown to be susceptible to exploitation by adversarial agents. Therefore, there is a need to develop techniques to learn control policies that are robust against adversaries. We introduce Adversarially Robust Control (ARC), which trains the protagonist policy and the adversarial policy end-to-end on the same loss. The aim of the protagonist is to maximise this loss, whilst the adversary is attempting to minimise it. We demonstrate the proposed ARC training in a highway driving scenario, where the protagonist controls the follower vehicle whilst the adversary controls the lead vehicle. By training the protagonist against an ensemble of adversaries, it learns a significantly more robust control policy, which generalises to a variety of adversarial strategies. The approach is shown to reduce the amount of collisions against new adversaries by up to 90.25%, compared to the original policy. Moreover, by utilising an auxiliary distillation loss, we show that the fine-tuned control policy shows no drop in performance across its original training distribution.