Authors:
Dayu Zhang 1; Nasser Azad 1; Sebastian Fischmeister 2 and Stefan Marksteiner 3
Affiliations:
1 Systems Design Engineering, University of Waterloo, 200 University Ave. W, Waterloo, Ontario, Canada
2 Electrical and Computer Engineering, University of Waterloo, 200 University Ave. W, Waterloo, Ontario, Canada
3 AVL List GmbH, Hans-List-Platz 1, 8020 Graz, Austria
Keyword(s):
Deep Reinforcement Learning, Adversarial Training, Zeroth-Order Optimization, Autonomous Vehicles.
Abstract:
As Autonomous Vehicles (AVs) become prevalent, their reinforcement learning-based decision-making algorithms, especially those governing highway lane changes, are potentially vulnerable to adversarial attacks. This study investigates the vulnerability of the Deep Q-Network (DQN) and Deep Deterministic Policy Gradient (DDPG) reinforcement learning algorithms to black-box attacks. We utilize zeroth-order optimization methods such as ZO-SignSGD, which enable effective attacks without gradient information, revealing vulnerabilities in existing systems. Our results demonstrate that these attacks can significantly degrade AV performance, reducing rewards by 60 percent or more. We also explore adversarial training as a defensive measure, which enhances the robustness of the DRL algorithms but at the expense of overall performance. Our findings underline the necessity of developing robust and secure reinforcement learning algorithms for AVs, urging further research into comprehensive defense strategies. This work is the first to apply zeroth-order optimization attacks to reinforcement learning in AVs, highlighting the imperative of balancing robustness and accuracy in AV algorithms.
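To illustrate the class of attack the abstract refers to, the following is a minimal sketch of ZO-SignSGD: the attacker queries a black-box objective (e.g., a loss over the agent's perturbed observation), estimates the gradient from random-direction finite differences, and steps along the sign of that estimate. The toy quadratic objective, parameter names, and all numeric settings below are illustrative assumptions, not the paper's actual attack setup.

```python
import numpy as np

def zo_signsgd(f, x0, step=0.05, mu=0.01, q=20, iters=100, seed=0):
    """Minimize a black-box objective f using only function evaluations.

    Gradient estimate: average of q random-direction finite differences
    with smoothing radius mu; the update uses only the sign of that
    estimate (the defining trait of ZO-SignSGD).
    """
    rng = np.random.default_rng(seed)
    x = x0.astype(float).copy()
    for _ in range(iters):
        fx = f(x)  # one baseline query per iteration
        g = np.zeros_like(x)
        for _ in range(q):
            u = rng.standard_normal(x.shape)      # random probe direction
            g += (f(x + mu * u) - fx) / mu * u    # directional difference
        x -= step * np.sign(g / q)                # sign-only update
    return x

# Illustrative stand-in for an attack objective: find a perturbation x
# that drives the loss toward a worst-case point (hypothetical example).
target = np.array([1.0, -2.0])
f = lambda x: np.sum((x - target) ** 2)
x_adv = zo_signsgd(f, np.zeros(2))
```

Because each update moves every coordinate by a fixed step, the iterate oscillates within one step size of the optimum rather than converging exactly; in an attack setting this is usually acceptable, since the goal is only to push the objective past a failure threshold.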