Framework for existing attacks on trained StableBaselines3 DRL policies.
Project description
attacks-on-drl
Framework for existing attacks on trained StableBaselines3 DRL policies.
Example Usage
from attacks_on_drl.attacker import FGSMAttacker
from attacks_on_drl.runner import AttackRunner
from attacks_on_drl.victim import DQNVictim
# Defined environment (env) and SB3 policy (policy)
# SB3 policy must be wrapped in a Victim class
victim = DQNVictim(policy)
attacker = FGSMAttacker(victim)
runner = AttackRunner(env, attacker, victim, episode_max_frames=10_000)
runner.run(n_episodes=10)
Implemented Attacks
- FGSM $\ell_\infty$ Attacker [1]
- Value Function Attack [2]
- FGSM Every N Steps Attacker [2]
- Strategically Timed Attack [3]
- Critical Point Attack [4]
Adding A Custom Attack
Any attack must implement the BaseAttacker class, implementing the abstract step method. For example, suppose we introduce an attacker which attacks using FGSM every other step:
from attacks_on_drl.attacker.common import BaseAttacker
class EveryOtherStepAttacker(BaseAttacker):
def __init__(self, victim: BaseVictim) -> None:
super().__init__()
self.victim = victim
wrapped_victim = VictimModuleWrapper(self.victim)
self._perturbation_method = FGSM(wrapped_victim, eps=eps)
self.attack = True
def step(self, observation: VecEnvObs) -> tuple[VecEnvObs, bool]:
if self.attack:
actions = torch.tensor(self.victim.choose_action(observation, deterministic=True))
observation = self._perturbation_method(torch.from_numpy(observation)).numpy()
attacked = self.attack
self.attack = not self.attack
return obseration, attacked
References
[1] Huang, S., Papernot, N., Goodfellow, I., Duan, Y. and Abbeel, P., 2017. Adversarial attacks on neural network policies. arXiv preprint arXiv:1702.02284.
[2] Kos, J. and Song, D., 2017. Delving into adversarial attacks on deep policies. arXiv preprint arXiv:1705.06452.
[3] Lin, Y.C., Hong, Z.W., Liao, Y.H., Shih, M.L., Liu, M.Y. and Sun, M., 2017. Tactics of adversarial attack on deep reinforcement learning agents. arXiv preprint arXiv:1703.06748.
[4] Sun, J., Zhang, T., Xie, X., Ma, L., Zheng, Y., Chen, K. and Liu, Y., 2020, April. Stealthy and efficient adversarial attacks against deep reinforcement learning. In Proceedings of the AAAI conference on artificial intelligence (Vol. 34, No. 04, pp. 5883-5891).
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file attacks_on_drl-0.2.3.tar.gz.
File metadata
- Download URL: attacks_on_drl-0.2.3.tar.gz
- Upload date:
- Size: 10.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3102a74251b6b6f3a687f964c88ab9daa1d773bd85ac7fccc2f53407bd1179af
|
|
| MD5 |
85812c5ce65ced3ca4431764914a80e9
|
|
| BLAKE2b-256 |
282e8c11b200bfc3f89014a8d867fa57619c026837a15874069f22ec0350466d
|
File details
Details for the file attacks_on_drl-0.2.3-py3-none-any.whl.
File metadata
- Download URL: attacks_on_drl-0.2.3-py3-none-any.whl
- Upload date:
- Size: 16.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a707675e6a7d52c515fb9c6f5d2514e420c755bdc8222623c7fd92bea2d62ccc
|
|
| MD5 |
e73b7ce94fcf2966d72813b71d29856e
|
|
| BLAKE2b-256 |
0cba462db807a858988b073dc1d23c08bb7d084c09b21ac8277de494d858ea28
|
