Mitigation of policy manipulation attacks on deep Q-networks with parameter-space noise

Vahid Behzadan, Arslan Munir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recent developments establish the vulnerability of deep reinforcement learning to policy manipulation attack. In this work, we propose a technique for mitigation of such attacks based on addition of noise to the parameter space of deep reinforcement learners during training. We experimentally verify the effect of parameter-space noise in reducing the transferability of adversarial examples, and demonstrate the promising performance of this technique in mitigating the impact of whitebox and blackbox attacks at both test and training times.

Original language: English (US)
Title of host publication: Computer Safety, Reliability, and Security - SAFECOMP 2018 Workshops, ASSURE, DECSoS, SASSUR, STRIVE, and WAISE, Proceedings
Editors: Friedemann Bitsch, Amund Skavhaug, Barbara Gallina, Erwin Schoitsch
Publisher: Springer Verlag
Pages: 406-417
Number of pages: 12
ISBN (Print): 9783319992280
State: Published - 2018
Event: Workshops: ASSURE, DECSoS, SASSUR, STRIVE, and WAISE 2018 co-located with 37th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2018 - Västerås, Sweden
Duration: Sep 18 2018 to Sep 21 2018

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11094 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: Workshops: ASSURE, DECSoS, SASSUR, STRIVE, and WAISE 2018 co-located with 37th International Conference on Computer Safety, Reliability and Security, SAFECOMP 2018
Country/Territory: Sweden
City: Västerås
Period: 9/18/18 to 9/21/18

Keywords

  • Adversarial attacks
  • Adversarial examples
  • Deep reinforcement learning
  • Mitigation
  • Parameter-space noise

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
