

Search for: All records

Creators/Authors contains: "Ali, Haider"


  1. Existing adversarial algorithms for Deep Reinforcement Learning (DRL) have largely focused on identifying an optimal time to attack a DRL agent. However, little work has been explored in injecting efficient adversarial perturbations in DRL environments. We propose a suite of novel DRL adversarial attacks, called ACADIA, representing AttaCks Against Deep reInforcement leArning. ACADIA provides a set of efficient and robust perturbation-based adversarial attacks to disturb the DRL agent's decision-making based on novel combinations of techniques utilizing momentum, ADAM optimizer (i.e., Root Mean Square Propagation, or RMSProp), and initial randomization. These kinds of DRL attacks with novel integration of such techniques have not been studied in the existing Deep Neural Networks (DNNs) and DRL research. We consider two well-known DRL algorithms, Deep-Q Learning Network (DQN) and Proximal Policy Optimization (PPO), under Atari games and MuJoCo where both targeted and non-targeted attacks are considered with or without the state-of-the-art defenses in DRL (i.e., RADIAL and ATLA). Our results demonstrate that the proposed ACADIA outperforms existing gradient-based counterparts under a wide range of experimental settings. ACADIA is nine times faster than the state-of-the-art Carlini & Wagner (CW) method with better performance under defenses of DRL. 
  2. Deep Learning (DL) techniques are being used in various critical applications like self-driving cars. DL techniques such as Deep Neural Networks (DNN), Deep Reinforcement Learning (DRL), Federated Learning (FL), and Transfer Learning (TL) are prone to adversarial attacks, which can make the DL techniques perform poorly. Developing such attacks and their countermeasures is the prerequisite for making artificial intelligence techniques robust, secure, and deployable. Previous survey papers only focused on one or two techniques and are outdated. They do not discuss application domains, datasets, and testbeds in detail. There is also a need to discuss the commonalities and differences among DL techniques. In this paper, we comprehensively discussed the attacks and defenses in four popular DL models, including DNN, DRL, FL, and TL. We also highlighted the application domains, datasets, metrics, and testbeds in these fields. One of our key contributions is to discuss the commonalities and differences among these DL techniques. Insights, lessons, and future research directions are also highlighted in detail.