A Hybrid Ensemble Framework for Adversarial Robustness in Deep Reinforcement Learning

摘要

Across robots, autonomous driving and intelligent surveillance, autonomous decision has long been applied to a large range of problems with Deep Reinforcement Learning (DRL). An agent, even in the presence of small perturbations to the sensor inputs of a DRL model, may be confused enough to perform incorrectly and compromise the safety and performance of the agent. With traditional defense means, it is not so easy. A hybrid ensemble learning robust defense framework is introduced by integrating and applying multiple classifiers (i.e., Logistic Regression (LR), Random Forest (RF), Support Vector Machine (SVM), K-Nearest Neighbors (KNN) and Multi-Layer Perceptron (MLP)) over the whole framework to build up a Voting based classifier. Because the models are combined, the system becomes more stable against interfering factors and its choices become more dependable. Based on the results obtained, the ensemble model performs best for all of these adversarial cases at <tex xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">$\mathbf{9 1 \%}$</tex> accuracy, <tex xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">$\mathbf{7 7 \%}$</tex> precision, 88% recall, 82% F1-score, 0.08 MSE and <tex xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">$0.92 \mathrm{R}^{2}$</tex>. At the end, it concludes the results from the above mentioned results and also provides means for using ensemble based defense to help make DRL more robust against adversarial threats.