Studying Adversarial Attacks on Behavioral Cloning Dynamics

摘要

High-fidelity visual simulation-based environments and advanced learning algorithms can be used to train robots to carry out specific tasks. Behavior cloning is a fast and easy way to train robots to learn from experience by modeling their actions according to human actions. As we make use of these agents in our day-to-day life, the robustness of such system-of-systems trained on simulation environments are of great concern. In this paper, we explore adversarial attacks in simulation environments, specifically for behavioral cloning models that cause the adversary to be able to take control of the steering mechanism of an autonomous agent. We focus our attention on improving latency and noticeability, two fundamental issues with adversarial attacks, by reducing the number of iterations to a single step during a white-box adversarial attack within a noticeability threshold. More specifically, the gradients at the image input layer and the output layer of the neural network are utilized in the adversarial attack. We implement a hybridized version of the fast gradient sign and basic iterative methods to attack the input image and fool the agent. We've shown that our method reduces the attack time per frame to within 3 milliseconds.