Vulnerability of deep reinforcement learning to policy induction attacks

Vahid Behzadan; Arslan Munir

doi:10.1007/978-3-319-62416-7_19

Vulnerability of deep reinforcement learning to policy induction attacks

Vahid Behzadan, Arslan Munir

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Deep learning classifiers are known to be inherently vulnerable to manipulation by intentionally perturbed inputs, named adversarial examples. In this work, we establish that reinforcement learning techniques based on Deep Q-Networks (DQNs) are also vulnerable to adversarial input perturbations, and verify the transferability of adversarial examples across different DQN models. Furthermore, we present a novel class of attacks based on this vulnerability that enable policy manipulation and induction in the learning process of DQNs. We propose an attack mechanism that exploits the transferability of adversarial examples to implement policy induction attacks on DQNs, and demonstrate its efficacy and impact through experimental study of a game-learning scenario.

Original language	English (US)
Title of host publication	Machine Learning and Data Mining in Pattern Recognition - 13th International Conference, MLDM 2017, Proceedings
Editors	Petra Perner
Publisher	Springer Verlag
Pages	262-275
Number of pages	14
ISBN (Print)	9783319624150
DOIs	https://doi.org/10.1007/978-3-319-62416-7_19
State	Published - 2017
Event	13th International Conference on Machine Learning and Data Mining in Pattern Recognition, MLDM 2017 - New York, United States Duration: Jul 15 2017 → Jul 20 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10358 LNAI
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	13th International Conference on Machine Learning and Data Mining in Pattern Recognition, MLDM 2017
Country/Territory	United States
City	New York
Period	7/15/17 → 7/20/17

Keywords

Adversarial examples
Deep Q-Learning
Manipulation
Policy induction
Reinforcement learning
Vulnerability

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-319-62416-7_19

Cite this

Behzadan, V., & Munir, A. (2017). Vulnerability of deep reinforcement learning to policy induction attacks. In P. Perner (Ed.), Machine Learning and Data Mining in Pattern Recognition - 13th International Conference, MLDM 2017, Proceedings (pp. 262-275). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10358 LNAI). Springer Verlag. https://doi.org/10.1007/978-3-319-62416-7_19

Vulnerability of deep reinforcement learning to policy induction attacks. / Behzadan, Vahid; Munir, Arslan.
Machine Learning and Data Mining in Pattern Recognition - 13th International Conference, MLDM 2017, Proceedings. ed. / Petra Perner. Springer Verlag, 2017. p. 262-275 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10358 LNAI).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Behzadan, V & Munir, A 2017, Vulnerability of deep reinforcement learning to policy induction attacks. in P Perner (ed.), Machine Learning and Data Mining in Pattern Recognition - 13th International Conference, MLDM 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10358 LNAI, Springer Verlag, pp. 262-275, 13th International Conference on Machine Learning and Data Mining in Pattern Recognition, MLDM 2017, New York, United States, 7/15/17. https://doi.org/10.1007/978-3-319-62416-7_19

Behzadan V, Munir A. Vulnerability of deep reinforcement learning to policy induction attacks. In Perner P, editor, Machine Learning and Data Mining in Pattern Recognition - 13th International Conference, MLDM 2017, Proceedings. Springer Verlag. 2017. p. 262-275. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-62416-7_19

Behzadan, Vahid ; Munir, Arslan. / Vulnerability of deep reinforcement learning to policy induction attacks. Machine Learning and Data Mining in Pattern Recognition - 13th International Conference, MLDM 2017, Proceedings. editor / Petra Perner. Springer Verlag, 2017. pp. 262-275 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{ee628d2521b348c5a26b78ad2a2413a0,

title = "Vulnerability of deep reinforcement learning to policy induction attacks",

abstract = "Deep learning classifiers are known to be inherently vulnerable to manipulation by intentionally perturbed inputs, named adversarial examples. In this work, we establish that reinforcement learning techniques based on Deep Q-Networks (DQNs) are also vulnerable to adversarial input perturbations, and verify the transferability of adversarial examples across different DQN models. Furthermore, we present a novel class of attacks based on this vulnerability that enable policy manipulation and induction in the learning process of DQNs. We propose an attack mechanism that exploits the transferability of adversarial examples to implement policy induction attacks on DQNs, and demonstrate its efficacy and impact through experimental study of a game-learning scenario.",

keywords = "Adversarial examples, Deep Q-Learning, Manipulation, Policy induction, Reinforcement learning, Vulnerability",

author = "Vahid Behzadan and Arslan Munir",

note = "Publisher Copyright: {\textcopyright} Springer International Publishing AG 2017.; 13th International Conference on Machine Learning and Data Mining in Pattern Recognition, MLDM 2017 ; Conference date: 15-07-2017 Through 20-07-2017",

year = "2017",

doi = "10.1007/978-3-319-62416-7_19",

language = "English (US)",

isbn = "9783319624150",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "262--275",

editor = "Petra Perner",

booktitle = "Machine Learning and Data Mining in Pattern Recognition - 13th International Conference, MLDM 2017, Proceedings",

}

TY - GEN

T1 - Vulnerability of deep reinforcement learning to policy induction attacks

AU - Behzadan, Vahid

AU - Munir, Arslan

N1 - Publisher Copyright: © Springer International Publishing AG 2017.

PY - 2017

Y1 - 2017

N2 - Deep learning classifiers are known to be inherently vulnerable to manipulation by intentionally perturbed inputs, named adversarial examples. In this work, we establish that reinforcement learning techniques based on Deep Q-Networks (DQNs) are also vulnerable to adversarial input perturbations, and verify the transferability of adversarial examples across different DQN models. Furthermore, we present a novel class of attacks based on this vulnerability that enable policy manipulation and induction in the learning process of DQNs. We propose an attack mechanism that exploits the transferability of adversarial examples to implement policy induction attacks on DQNs, and demonstrate its efficacy and impact through experimental study of a game-learning scenario.

AB - Deep learning classifiers are known to be inherently vulnerable to manipulation by intentionally perturbed inputs, named adversarial examples. In this work, we establish that reinforcement learning techniques based on Deep Q-Networks (DQNs) are also vulnerable to adversarial input perturbations, and verify the transferability of adversarial examples across different DQN models. Furthermore, we present a novel class of attacks based on this vulnerability that enable policy manipulation and induction in the learning process of DQNs. We propose an attack mechanism that exploits the transferability of adversarial examples to implement policy induction attacks on DQNs, and demonstrate its efficacy and impact through experimental study of a game-learning scenario.

KW - Adversarial examples

KW - Deep Q-Learning

KW - Manipulation

KW - Policy induction

KW - Reinforcement learning

KW - Vulnerability

UR - http://www.scopus.com/inward/record.url?scp=85025136946&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85025136946&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-62416-7_19

DO - 10.1007/978-3-319-62416-7_19

M3 - Conference contribution

AN - SCOPUS:85025136946

SN - 9783319624150

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 262

EP - 275

BT - Machine Learning and Data Mining in Pattern Recognition - 13th International Conference, MLDM 2017, Proceedings

A2 - Perner, Petra

PB - Springer Verlag

T2 - 13th International Conference on Machine Learning and Data Mining in Pattern Recognition, MLDM 2017

Y2 - 15 July 2017 through 20 July 2017

ER -

Vulnerability of deep reinforcement learning to policy induction attacks

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this