Deep reinforcement learning (DRL) policies have been shown to be deceived by perturbations (e.g., random noise or intentional adversarial attacks) on state observations that appear at test time but are unknown during training. To increase the robustness of DRL policies, previous approaches assume that explicit adversarial information can be added into the training process, to achieve generalization ability on these perturbed observations as well. However, such approaches not only make robustness improvement more expensive but may also leave a model prone to other kinds of attacks in the wild. In contrast, we propose an adversary-agnostic robust DRL paradigm that does not require learning from predefined adversaries. To this end, we first theoretically show that robustness could indeed be achieved independently of the adversaries based on a policy distillation (PD) setting. Motivated by this finding, we propose a new PD loss with two terms: 1) a prescription gap maximization (PGM) loss aiming to simultaneously maximize the likelihood of the action selected by the teacher policy and the entropy over the remaining actions and 2) a corresponding Jacobian regularization (JR) loss that minimizes the magnitude of gradients with respect to the input state. The theoretical analysis substantiates that our distillation loss guarantees to increase the prescription gap and hence improves the adversarial robustness. Furthermore, experiments on five Atari games firmly verify the superiority of our approach compared to the state-of-the-art baselines.
DOI: http://dx.doi.org/10.1109/TNNLS.2021.3133537
Sensors (Basel)
December 2024
School of Computer Engineering & Applied Mathematics, Hankyong National University, Anseong-si 17501, Republic of Korea.
In recent years, significant research has been directed towards the taxonomy of malware variants. Nevertheless, certain challenges persist, including the inadequate accuracy of sample classification within similar malware families, elevated false-negative rates, and significant processing time and resource consumption. Malware developers have effectively evaded signature-based detection methods.
Neural Netw
November 2024
Key Lab of Education Blockchain and Intelligent Technology, Ministry of Education, Guangxi Normal University, Guilin, China; Guangxi Key Lab of Multi-source Information Mining and Security, Guangxi Normal University, Guilin, China; School of Computer Science and Engineering, Guangxi Normal University, Guilin, China. Electronic address:
Recent studies show that Graph Neural Networks (GNNs) are vulnerable to structure adversarial attacks, which draws attention to adversarial defenses in graph data. Previous defenses designed heuristic defense strategies for specific attacks or graph properties, and are no longer sufficiently robust across all these attacks. To address this problem, we discuss the abnormal behaviors of GNNs in structure perturbations from a posterior distribution perspective.
Neural Netw
December 2024
The Department of Artificial Intelligence, Xiamen University, Fujian, China.
Different brain tumor magnetic resonance imaging (MRI) modalities provide diverse tumor-specific information. Previous works have enhanced brain tumor segmentation performance by integrating multiple MRI modalities. However, multi-modal MRI data are often unavailable in clinical practice.
Neural Netw
November 2024
IEMN CNRS 8520, INSA Hauts-de-France, UPHF, France; CSIT, Queen's University Belfast, UK.
Real-world adversarial patches were shown to be successful in compromising state-of-the-art models in various computer vision applications. Most existing defenses rely on analyzing input or feature level gradients to detect the patch. However, these methods have been compromised by recent GAN-based attacks that generate naturalistic patches.
Med Image Underst Anal
December 2023
Center for Imaging Science, RIT, Rochester, NY, USA.
Acquiring properly annotated data is expensive in the medical field as it requires experts, time-consuming protocols, and rigorous validation. Active learning attempts to minimize the need for large annotated samples by actively sampling the most informative examples for annotation. These examples contribute significantly to improving the performance of supervised machine learning models, and thus, active learning can play an essential role in selecting the most appropriate information in deep learning-based diagnosis, clinical assessments, and treatment planning.