CopyCAT: Taking Control of Neural Policies ...
Type de document :
Communication dans un congrès avec actes
Titre :
CopyCAT: Taking Control of Neural Policies with Constant Attacks
Auteur(s) :
Hussenot, Léonard [Auteur]
Google Research [Paris]
Scool [Scool]
Geist, Matthieu [Auteur]
Google Research [Paris]
Pietquin, Olivier [Auteur]
Google Research [Paris]
Google Research [Paris]
Scool [Scool]
Geist, Matthieu [Auteur]
Google Research [Paris]
Pietquin, Olivier [Auteur]
Google Research [Paris]
Titre de la manifestation scientifique :
AAMAS 2020 - 19th International Conference on Autonomous Agents and Multi-Agent Systems
Ville :
Virtual
Pays :
Nouvelle-Zélande
Date de début de la manifestation scientifique :
2020-05-09
Discipline(s) HAL :
Informatique [cs]
Résumé en anglais : [en]
We propose a new perspective on adversarial attacks against deep reinforcement learning agents. Our main contribution is CopyCAT, a targeted attack able to consistently lure an agent into following an outsider's policy. ...
Lire la suite >We propose a new perspective on adversarial attacks against deep reinforcement learning agents. Our main contribution is CopyCAT, a targeted attack able to consistently lure an agent into following an outsider's policy. It is pre-computed, therefore fast inferred, and could thus be usable in a real-time scenario. We show its effectiveness on Atari 2600 games in the novel read-only setting. In this setting, the adversary cannot directly modify the agent's state -- its representation of the environment -- but can only attack the agent's observation -- its perception of the environment. Directly modifying the agent's state would require a write-access to the agent's inner workings and we argue that this assumption is too strong in realistic settings.Lire moins >
Lire la suite >We propose a new perspective on adversarial attacks against deep reinforcement learning agents. Our main contribution is CopyCAT, a targeted attack able to consistently lure an agent into following an outsider's policy. It is pre-computed, therefore fast inferred, and could thus be usable in a real-time scenario. We show its effectiveness on Atari 2600 games in the novel read-only setting. In this setting, the adversary cannot directly modify the agent's state -- its representation of the environment -- but can only attack the agent's observation -- its perception of the environment. Directly modifying the agent's state would require a write-access to the agent's inner workings and we argue that this assumption is too strong in realistic settings.Lire moins >
Langue :
Anglais
Comité de lecture :
Oui
Audience :
Internationale
Vulgarisation :
Non
Collections :
Source :
Fichiers
- https://hal.inria.fr/hal-03162124/document
- Accès libre
- Accéder au document
- http://arxiv.org/pdf/1905.12282
- Accès libre
- Accéder au document
- https://hal.inria.fr/hal-03162124/document
- Accès libre
- Accéder au document
- https://hal.inria.fr/hal-03162124/document
- Accès libre
- Accéder au document
- document
- Accès libre
- Accéder au document
- 1905.12282.pdf
- Accès libre
- Accéder au document
- 1905.12282
- Accès libre
- Accéder au document