BARReL: Bottleneck Attention for Adversarial Robustness in Vision-Based Reinforcement Learning
- URL: http://arxiv.org/abs/2208.10481v1
- Date: Mon, 22 Aug 2022 17:54:34 GMT
- Title: BARReL: Bottleneck Attention for Adversarial Robustness in Vision-Based Reinforcement Learning
- Authors: Eugene Bykovets, Yannick Metz, Mennatallah El-Assady, Daniel A. Keim, Joachim M. Buhmann
- Abstract summary: We investigate the susceptibility of vision-based reinforcement learning agents to gradient-based adversarial attacks.
We show how learned attention maps can be used to recover activations of a convolutional layer.
Across a number of RL environments, BAM-enhanced architectures show increased robustness during inference.
- Score: 20.468991996052953
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Robustness to adversarial perturbations has been explored in many areas of
computer vision. This robustness is particularly relevant in vision-based
reinforcement learning, as the actions of autonomous agents might be
safety-critical or impactful in the real world. We investigate the susceptibility
of vision-based reinforcement learning agents to gradient-based adversarial
attacks and evaluate a potential defense. We observe that Bottleneck Attention
Modules (BAM) included in CNN architectures can act as potential tools to
increase robustness against adversarial attacks. We show how learned attention
maps can be used to recover activations of a convolutional layer by restricting
the spatial activations to salient regions. Across a number of RL environments,
BAM-enhanced architectures show increased robustness during inference. Finally,
we discuss potential future research directions.
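The abstract names two mechanisms without showing them: a gradient-based attack on the agent's observation, and an attention map that keeps a convolutional layer's activations only in salient regions. The following is an added toy illustration in NumPy, written for this page and not code from the BARReL authors or their repository. It assumes a hypothetical single-channel conv layer with a linear action head, uses one-step FGSM as the gradient attack, and stands in for the learned BAM spatial map with a fixed random 3x3 kernel followed by a sigmoid; the "restriction" step keeps the top fraction of positions by attention and zeroes the rest. All inputs are constructed.

```python
"""Added illustration (not the paper's code): FGSM on a toy vision policy and a
BAM-style spatial gate that restricts activations to salient positions.
The network, kernels and observation are constructed assumptions."""
import numpy as np


def conv2d_valid(x, w):
    """Single-channel 'valid' cross-correlation: x (H, W), w (k, k) -> (H-k+1, W-k+1)."""
    k = w.shape[0]
    H, W = x.shape
    out = np.zeros((H - k + 1, W - k + 1))
    for i in range(H - k + 1):
        for j in range(W - k + 1):
            out[i, j] = np.sum(x[i:i + k, j:j + k] * w)
    return out


def policy_logits(x, w, V, b):
    """Toy vision policy: conv -> ReLU -> flatten -> linear action head."""
    z = conv2d_valid(x, w)            # pre-activation feature map
    return V @ np.maximum(z, 0.0).ravel() + b, z


def fgsm(x, w, V, b, eps):
    """One-step FGSM under an L-inf budget eps: move the observation so that the
    logit of the clean action decreases. The gradient is backpropagated
    analytically through the linear head, the ReLU and the conv (transpose conv)."""
    logits, z = policy_logits(x, w, V, b)
    action = int(np.argmax(logits))
    g_feat = V[action].reshape(z.shape) * (z > 0)      # d logit_a / d z
    k = w.shape[0]
    grad_x = np.zeros_like(x)
    for i in range(z.shape[0]):
        for j in range(z.shape[1]):
            grad_x[i:i + k, j:j + k] += g_feat[i, j] * w  # d logit_a / d x
    # loss = -logit_a, so the ascent step on the loss is -sign(grad_x); stay in pixel range
    x_adv = np.clip(x - eps * np.sign(grad_x), 0.0, 1.0)
    return x_adv, action


def spatial_attention(act, w_attn):
    """Assumed stand-in for a learned spatial attention map: 3x3 conv over the
    activations with zero padding, squashed to [0, 1] by a sigmoid."""
    pad = w_attn.shape[0] // 2
    return 1.0 / (1.0 + np.exp(-conv2d_valid(np.pad(act, pad), w_attn)))


def restrict_to_salient(act, attn, keep_fraction):
    """Keep activations only at the top keep_fraction positions by attention and
    zero everything else. Returns (restricted activations, boolean keep-mask)."""
    n_keep = max(1, int(round(keep_fraction * act.size)))
    top = np.argsort(attn.ravel())[::-1][:n_keep]
    mask = np.zeros(act.size, dtype=bool)
    mask[top] = True
    mask = mask.reshape(act.shape)
    return np.where(mask, act, 0.0), mask


def run_demo(eps=0.05, keep_fraction=0.25, seed=0):
    """Constructed setting: 12x12 observation in [0,1], 3x3 conv (10x10 map), 4 actions.
    Returns what a practitioner would check: the perturbation budget was respected,
    whether the action flipped, and how much of the adversarial change in the
    feature map survives the attention gate."""
    rng = np.random.default_rng(seed)
    x = rng.random((12, 12))
    w = rng.normal(size=(3, 3))
    V = rng.normal(size=(4, 100))
    b = np.zeros(4)
    w_attn = rng.normal(size=(3, 3))            # assumed "learned" attention kernel

    x_adv, clean_action = fgsm(x, w, V, b, eps)
    adv_action = int(np.argmax(policy_logits(x_adv, w, V, b)[0]))

    act_clean = np.maximum(conv2d_valid(x, w), 0.0)
    act_adv = np.maximum(conv2d_valid(x_adv, w), 0.0)
    attn = spatial_attention(act_clean, w_attn)  # simplification: map from the clean frame
    gated_clean, mask = restrict_to_salient(act_clean, attn, keep_fraction)
    gated_adv, _ = restrict_to_salient(act_adv, attn, keep_fraction)

    return {
        "linf": float(np.max(np.abs(x_adv - x))),
        "adv_in_range": bool(np.all((x_adv >= 0.0) & (x_adv <= 1.0))),
        "clean_action": clean_action,
        "adv_action": adv_action,
        "kept_positions": int(mask.sum()),
        "outside_mask_zero": bool(not gated_clean[~mask].any()),
        "inside_mask_kept": bool(np.allclose(gated_clean[mask], act_clean[mask])),
        "delta_full": float(np.linalg.norm(act_adv - act_clean)),
        "delta_gated": float(np.linalg.norm(gated_adv - gated_clean)),
    }


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a practitioner should keep in mind when reading the numbers: the gated change is smaller than the full change here by construction, because the gate simply discards positions, so this toy says nothing about whether the defended agent chooses better actions (that is the empirical question the paper evaluates across RL environments); and the FGSM step is computed against the ungated policy, whereas an adaptive attacker would differentiate through the attention module too, so any real evaluation must attack the defended model.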
Related papers
- Towards Transferable Attacks Against Vision-LLMs in Autonomous Driving with Typography [21.632703081999036]
  Vision-Large-Language-Models (Vision-LLMs) are increasingly being integrated into autonomous driving (AD) systems.
  We propose to leverage typographic attacks against AD systems relying on the decision-making capabilities of Vision-LLMs.
  arXiv Detail & Related papers (2024-05-23T04:52:02Z)
- Embodied Active Defense: Leveraging Recurrent Feedback to Counter Adversarial Patches [37.317604316147985]
  The vulnerability of deep neural networks to adversarial patches has motivated numerous defense strategies for boosting model robustness.
  We develop Embodied Active Defense (EAD), a proactive defensive strategy that actively contextualizes environmental information to address misaligned adversarial patches in 3D real-world settings.
  arXiv Detail & Related papers (2024-03-31T03:02:35Z)
- Towards Robust Semantic Segmentation against Patch-based Attack via Attention Refinement [68.31147013783387]
  We observe that the attention mechanism is vulnerable to patch-based adversarial attacks.
  In this paper, we propose a Robust Attention Mechanism (RAM) to improve the robustness of the semantic segmentation model.
  arXiv Detail & Related papers (2024-01-03T13:58:35Z)
- BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning [85.2564206440109]
  This paper shows that, in this practical scenario, backdoor attacks can remain effective even after defenses are applied.
  We introduce the BadCLIP attack, which is resistant to backdoor detection and model fine-tuning defenses.
  arXiv Detail & Related papers (2023-11-20T02:21:49Z)
- FACADE: A Framework for Adversarial Circuit Anomaly Detection and Evaluation [9.025997629442896]
  FACADE is designed for unsupervised mechanistic anomaly detection in deep neural networks.
  Our approach seeks to improve model robustness and enhance scalable model oversight, and demonstrates promising applications in real-world deployment settings.
  arXiv Detail & Related papers (2023-07-20T04:00:37Z)
- Decentralized Adversarial Training over Graphs [55.28669771020857]
  The vulnerability of machine learning models to adversarial attacks has been attracting considerable attention in recent years.
  This work studies adversarial training over graphs, where individual agents are subjected to perturbations of varying strength.
  arXiv Detail & Related papers (2023-03-23T15:05:16Z)
- Physical Adversarial Attack meets Computer Vision: A Decade Survey [55.38113802311365]
  This paper presents a comprehensive overview of physical adversarial attacks.
  We take the first step to systematically evaluate the performance of physical adversarial attacks.
  Our proposed evaluation metric, hiPAA, comprises six perspectives.
  arXiv Detail & Related papers (2022-09-30T01:59:53Z)
- Exploring Adversarial Attacks and Defenses in Vision Transformers trained with DINO [0.0]
  This work conducts the first analysis of robustness against adversarial attacks for self-supervised Vision Transformers trained using DINO.
  First, we evaluate whether features learned through self-supervision are more robust to adversarial attacks than those emerging from supervised learning.
  Then, we present properties arising for attacks in the latent space.
  arXiv Detail & Related papers (2022-06-14T11:20:16Z)
- Deep Reinforced Attention Learning for Quality-Aware Visual Recognition [73.15276998621582]
  We build upon the weakly-supervised generation mechanism of intermediate attention maps in any convolutional neural network.
  We introduce a meta critic network to evaluate the quality of attention maps in the main network.
  arXiv Detail & Related papers (2020-07-13T02:44:38Z)
- Spatiotemporal Attacks for Embodied Agents [119.43832001301041]
  We take the first step to study adversarial attacks for embodied agents.
  In particular, we generate adversarial examples which exploit the interaction history in both the temporal and spatial dimensions.
  Our perturbations have strong attack and generalization abilities.
  arXiv Detail & Related papers (2020-05-19T01:38:47Z)