Code for studying observed adversaries in Deep Reinforcement Learning (DRL). This research highlights a critical vulnerability in deep policies where an adversary, acting within environmental constraints, can trigger natural but adversarial observations that severely degrade a robot’s performance.
Unlike traditional adversarial attacks that require direct modification of input pixels or state data, Observersary demonstrates that agents are susceptible even in low-dimensional, fully-observed settings. This indicates that the vulnerability is not merely a perception failure of high-dimensional data, but a fundamental issue in how deep policies process environmental states. Furthermore, these adversarial behaviors are transferable, allowing an attacker to impact a victim policy without having direct access to it during training.
A navigation-based environment where an adversary learns to "freeze" or significantly delay a victim robot by occupying specific environmental states.
Demonstrating how natural agent movements can act as adversarial triggers in DRL policies.
If you find this work or code useful, please cite our paper:
@inproceedings{lim2022observed,
title={Observed Adversaries in Deep Reinforcement Learning},
author={Lim, Eugene and Soh, Harold},
journal={AAAI Fall Symposium Series, Artificial Intelligence for Human-Robot Interaction},
year={2022}
}For a high-level overview of our findings, including attack transferability and performance impact, please see our project slides: Observersary Presentation & Results
# Install dependencies
pip install -r requirements.txt
# Run experiments
./run.sh