SEBA: Sample-Efficient Black-Box Attacks on Visual Reinforcement Learning
This addresses the problem of adversarial robustness in visual RL for applications like robotics, though it is incremental as it builds on existing black-box attack methods.
The paper tackles the vulnerability of visual reinforcement learning to adversarial attacks by proposing SEBA, a sample-efficient black-box attack framework that integrates a shadow Q model, a generative adversarial network, and a world model; experiments on MuJoCo and Atari benchmarks show it significantly reduces cumulative rewards, preserves visual fidelity, and greatly decreases environment interactions compared to prior methods.
Visual reinforcement learning has achieved remarkable progress in visual control and robotics, but its vulnerability to adversarial perturbations remains underexplored. Most existing black-box attacks focus on vector-based or discrete-action RL, and their effectiveness on image-based continuous control is limited by the large action space and excessive environment queries. We propose SEBA, a sample-efficient framework for black-box adversarial attacks on visual RL agents. SEBA integrates a shadow Q model that estimates cumulative rewards under adversarial conditions, a generative adversarial network that produces visually imperceptible perturbations, and a world model that simulates environment dynamics to reduce real-world queries. Through a two-stage iterative training procedure that alternates between learning the shadow model and refining the generator, SEBA achieves strong attack performance while maintaining efficiency. Experiments on MuJoCo and Atari benchmarks show that SEBA significantly reduces cumulative rewards, preserves visual fidelity, and greatly decreases environment interactions compared to prior black-box and white-box methods.