LG | Mar 6, 2024

Belief-Enriched Pessimistic Q-Learning against Adversarial State Perturbations

arXiv:2403.04050v1 | 4 citations | h-index: 2 | Has Code | ICLR
Originality: Incremental advance
AI Analysis

This work addresses the security problem of RL agents against adversarial attacks, which is crucial for deploying RL in real-world applications, and represents an incremental improvement over existing methods.

The paper tackles the vulnerability of reinforcement learning agents to adversarial state perturbations by proposing a robust RL algorithm that combines pessimistic policy derivation with belief state inference and diffusion-based state purification, achieving superb performance under strong attacks with training overhead comparable to regularization-based methods.

Reinforcement learning (RL) has achieved phenomenal success in various domains. However, its data-driven nature also introduces new vulnerabilities that can be exploited by malicious opponents. Recent work shows that a well-trained RL agent can be easily manipulated by strategically perturbing its state observations at the test stage. Existing solutions either introduce a regularization term to improve the smoothness of the trained policy against perturbations or alternatively train the agent's policy and the attacker's policy. However, the former does not provide sufficient protection against strong attacks, while the latter is computationally prohibitive for large environments. In this work, we propose a new robust RL algorithm for deriving a pessimistic policy to safeguard against an agent's uncertainty about true states. This approach is further enhanced with belief state inference and diffusion-based state purification to reduce uncertainty. Empirical results show that our approach obtains superb performance under strong attacks and has a comparable training overhead with regularization-based methods. Our code is available at https://github.com/SliencerX/Belief-enriched-robust-Q-learning.

Code Implementations: 1 repo