pith. sign in

arxiv: 1702.02284 · v1 · pith:LRF3K7ZFnew · submitted 2017-02-08 · 💻 cs.LG · cs.CR· stat.ML

Adversarial Attacks on Neural Network Policies

classification 💻 cs.LG cs.CRstat.ML
keywords adversarialattackspoliciesadversarieslearningnetworkneuralperformance
0
0 comments X
read the original abstract

Machine learning classifiers are known to be vulnerable to inputs maliciously constructed by adversaries to force misclassification. Such adversarial examples have been extensively studied in the context of computer vision applications. In this work, we show adversarial attacks are also effective when targeting neural network policies in reinforcement learning. Specifically, we show existing adversarial example crafting techniques can be used to significantly degrade test-time performance of trained policies. Our threat model considers adversaries capable of introducing small perturbations to the raw input of the policy. We characterize the degree of vulnerability across tasks and training algorithms, for a subclass of adversarial-example attacks in white-box and black-box settings. Regardless of the learned task or training algorithm, we observe a significant drop in performance, even with small adversarial perturbations that do not interfere with human perception. Videos are available at http://rll.berkeley.edu/adversarial.

This paper has not been read by Pith yet.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 18 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Test-time Adversarial Takeover: A Real-time Hijacking Interface against Robotic Diffusion Policies

    cs.RO 2026-06 unverdicted novelty 8.0

    TAKO demonstrates real-time adversarial takeover of robotic diffusion policies via reusable universal patches on visual inputs, achieving 100% success in steering attacker-chosen trajectories across multiple tasks, en...

  2. Efficient Preference Poisoning Attack on Offline RLHF

    cs.LG 2026-05 unverdicted novelty 8.0

    Label-flip attacks on log-linear DPO reduce to binary sparse approximation problems that can be solved efficiently by lattice-based and binary matching pursuit methods with recovery guarantees.

  3. Same Weights, Different Robot: A Deployment Safety View of VLA Policies

    cs.CR 2026-06 unverdicted novelty 7.0

    The paper identifies a deployment safety gap in VLA policies where identical checkpoints can be executable-inequivalent due to action metadata mismatches, supported by a derived closed-form transform and empirical dri...

  4. Efficient Preference Poisoning Attack on Offline RLHF

    cs.LG 2026-05 unverdicted novelty 7.0

    Preference poisoning against log-linear DPO reduces to a binary sparse approximation problem solved by lattice-reduction (BAL-A) and matching-pursuit (BMP-A) algorithms that carry recovery guarantees.

  5. Corruption-robust Offline Multi-agent Reinforcement Learning From Human Feedback

    cs.LG 2026-03 unverdicted novelty 7.0

    Introduces robust estimators for linear Markov games in offline MARLHF that achieve O(ε^{1-o(1)}) or O(√ε) bounds on Nash or CCE gaps under uniform or unilateral coverage.

  6. A Speculative GLRT-Backed ApproachRobust Deep Learning-Based Array Processing

    eess.SP 2025-12 unverdicted novelty 7.0

    A speculative DL classifier validated by GLRT on spatially robust second-order statistics provides adversarially resilient array processing.

  7. How Vulnerable Is My Learned Policy? Universal Adversarial Perturbation Attacks On Modern Behavior Cloning Policies

    cs.LG 2025-02 unverdicted novelty 7.0

    Modern imitation learning methods including Diffusion Policy and Implicit Behavior Cloning are highly vulnerable to universal adversarial perturbations, with successful black-box transfer attacks across algorithms.

  8. MirrorCheck: Efficient Adversarial Defense for Vision-Language Models

    cs.CV 2024-06 unverdicted novelty 7.0

    MirrorCheck detects adversarial attacks on VLMs via T2I regeneration for semantic consistency checks, using stochastic model selection and one-time perturbations for robustness against adaptive attacks.

  9. RoAd-RL: A Unified Library and Benchmark for Robust Adversarial Reinforcement Learning

    cs.LG 2026-06 conditional novelty 6.0

    RoAd-RL is a new benchmarking library for adversarial reinforcement learning that evaluates DQN, PPO, and SAC agents across 192 attack-defense configurations and finds substantial robustness variations plus cases wher...

  10. The Game Changer Problem: Controlling Equilibria with Discrete Rewards

    cs.GT 2026-06 unverdicted novelty 6.0

    Introduces the game changer problem and supplies feasibility characterizations plus dynamic programming algorithms for forcing a target equilibrium under discrete reward constraints in two-player games.

  11. Latent Anchor-Driven Test Generation for Deep Neural Networks

    cs.LG 2026-06 unverdicted novelty 6.0

    Latte performs seed-centered one-step latent mutations along class anchors in VQ-VAE space to produce diverse, low-drift, fault-revealing DNN tests.

  12. When Actions Disappear: Adversarial Action Removal in Self-Play Reinforcement Learning

    cs.LG 2026-05 unverdicted novelty 6.0

    Adversarial action removal in self-play RL inflicts greater damage than random masking or learned perturbations, persists across algorithms and domains, transfers between agents, and resists recovery through extended ...

  13. Density-Ratio Weighted Behavioral Cloning: Learning Control Policies from Corrupted Datasets

    cs.LG 2025-10 conditional novelty 6.0

    Weighted BC estimates trajectory density ratios from a clean reference set via binary discrimination and reweights the BC loss to converge to the clean expert policy with finite-sample bounds independent of contaminat...

  14. Wolfpack Adversarial Attack for Robust Multi-Agent Reinforcement Learning

    cs.LG 2025-02 unverdicted novelty 6.0

    Wolfpack attack framework disrupts MARL cooperation by targeting initial and assisting agents; WALL trains robust policies against it with reported experimental gains.

  15. Testing Neural Networks via Bayesian-Guided Exploration of Decision Landscapes

    cs.LG 2026-06 unverdicted novelty 5.0

    BayesWarp is a testing framework combining saliency techniques and uncertainty-aware Bayesian optimization to discover diverse model failures on image classification tasks while preserving data proximity.

  16. Threats to Arabic Handwriting Recognition: Investigating Black-Box Adversarial Attacks on embedded ConvNet models

    cs.CV 2026-05 conditional novelty 5.0

    Black-box attacks, especially Pixle, reach 99-100% success on Arabic handwriting ConvNet models across two benchmark datasets while preserving character structure.

  17. Learning to Cope with Adversarial Attacks

    cs.LG 2019-06 unverdicted novelty 5.0

    MLAH agent in deep RL demonstrates hierarchical coping mechanisms and improved reward maintenance under spaced adversarial attacks, at the expense of stability.

  18. SoK: A Comprehensive Analysis of the Current Status of Neural Tangent Generalization Attacks with Research Directions

    cs.LG 2026-05 accept novelty 3.0

    NTGA is the first clean-label generalization attack under black-box settings but is vulnerable to adversarial training and image transformations, with newer attacks outperforming it.