Observed Adversaries in Deep Reinforcement Learning
This paper addresses security vulnerabilities in deep RL, particularly for human-robot interaction, but is incremental, as it builds on the known susceptibility of deep RL to adversarial attacks.
The paper tackles the problem of observed adversaries in deep reinforcement learning, showing that adversarial attacks persist with low-dimensional observations and transfer across victims, enabling attackers to train adversaries without access to target victims.
In this work, we point out the problem of observed adversaries for deep policies. Specifically, recent work has shown that deep reinforcement learning is susceptible to adversarial attacks where an observed adversary acts under environmental constraints to invoke natural but adversarial observations. This setting is particularly relevant for human-robot interaction (HRI), since HRI-related robots are expected to perform their tasks around and with other agents. We demonstrate that this effect persists even with low-dimensional observations. We further show that these adversarial attacks transfer across victims, which potentially allows malicious attackers to train an adversary without access to the target victim.