White-Box and Black-Box Adversarial Attacks to Obstacle Avoidance in Mobile Robots

Inaki Rano; Anders Lyhne Christensen

doi:10.1109/ECMR59166.2023.10256288

White-Box and Black-Box Adversarial Attacks to Obstacle Avoidance in Mobile Robots

Inaki Rano^*, Anders Lyhne Christensen

^*Kontaktforfatter

University of Santiago de Compostela

Publikation: Kapitel i bog/rapport/konference-proceeding › Konferencebidrag i proceedings › Forskning › peer review

Abstract

Advances in artificial intelligence (AI) play a major role in the adoption of robots for an increasingly broader range of tasks. However, as recent research has shown, AI systems, such as deep-learning models, can be vulnerable to adversarial attacks where small but carefully crafted changes to a model's input can severely compromise its performance. In this paper, we present two methods to find adversarial attacks against autonomous robots. We focus on external attacks against obstacle-Avoidance behaviour where an attacker-a robot-actively perturbs the sensor readings of a goal-seeking victim robot. In the first (white-box) method, we model the interaction between the victim and attacker as a dynamical system and generate a series of open-loop control signals for the attacker to alter the victim's behaviour. In the second (black-box) method, the assumption that the attacker has full knowledge of the system's dynamics is relaxed, and closed-loop control for the attacker is learnt through reinforcement learning. We find that both methods are able to find successful attacks against the victim robot and thus constitute viable techniques to assess the robustness of autonomous robot behaviour.

Originalsprog	Engelsk
Titel	2023 European Conference on Mobile Robots (ECMR)
Redaktører	Lino Marques, Ivan Markovic
Forlag	IEEE
Publikationsdato	2023
ISBN (Elektronisk)	9798350307047
DOI	https://doi.org/10.1109/ECMR59166.2023.10256288
Status	Udgivet - 2023
Begivenhed	11th European Conference on Mobile Robots, ECMR 2023 - Coimbra, Portugal Varighed: 4. sep. 2023 → 7. sep. 2023

Konference

Konference	11th European Conference on Mobile Robots, ECMR 2023
Land/Område	Portugal
By	Coimbra
Periode	04/09/2023 → 07/09/2023

Navn	European Conference on Mobile Robots (ECMR)
ISSN	2767-8733

Bibliografisk note

Funding Information:
ACKNOWLEDGEMENTS This work was supported by the Agencia Estatal de Inves-tigación (Spain) (AEI /PID2020-119367RB-I00), the Xunta de Galicia - Consellería de Cultura, Educación, Formación Profesional e Universidades (ED431C 2022/19) and the European Union (European Regional Development Fund).

Publisher Copyright:
© 2023 IEEE.

Dokumenter og links

10.1109/ECMR59166.2023.10256288

SDU link

Tjek adgangen til materialet i Syddansk Universitetsbiblioteks søgemaskine

Citationsformater

@inproceedings{c93e68a3330d46d4ae40f53776c6e270,

title = "White-Box and Black-Box Adversarial Attacks to Obstacle Avoidance in Mobile Robots",

abstract = "Advances in artificial intelligence (AI) play a major role in the adoption of robots for an increasingly broader range of tasks. However, as recent research has shown, AI systems, such as deep-learning models, can be vulnerable to adversarial attacks where small but carefully crafted changes to a model's input can severely compromise its performance. In this paper, we present two methods to find adversarial attacks against autonomous robots. We focus on external attacks against obstacle-Avoidance behaviour where an attacker-a robot-actively perturbs the sensor readings of a goal-seeking victim robot. In the first (white-box) method, we model the interaction between the victim and attacker as a dynamical system and generate a series of open-loop control signals for the attacker to alter the victim's behaviour. In the second (black-box) method, the assumption that the attacker has full knowledge of the system's dynamics is relaxed, and closed-loop control for the attacker is learnt through reinforcement learning. We find that both methods are able to find successful attacks against the victim robot and thus constitute viable techniques to assess the robustness of autonomous robot behaviour.",

author = "Inaki Rano and Christensen, \{Anders Lyhne\}",

note = "Funding Information: ACKNOWLEDGEMENTS This work was supported by the Agencia Estatal de Inves-tigaci{\'o}n (Spain) (AEI /PID2020-119367RB-I00), the Xunta de Galicia - Conseller{\'i}a de Cultura, Educaci{\'o}n, Formaci{\'o}n Profesional e Universidades (ED431C 2022/19) and the European Union (European Regional Development Fund). Publisher Copyright: {\textcopyright} 2023 IEEE.; 11th European Conference on Mobile Robots, ECMR 2023 ; Conference date: 04-09-2023 Through 07-09-2023",

year = "2023",

doi = "10.1109/ECMR59166.2023.10256288",

language = "English",

series = "European Conference on Mobile Robots (ECMR)",

publisher = "IEEE",

editor = "Lino Marques and Ivan Markovic",

booktitle = "2023 European Conference on Mobile Robots (ECMR)",

address = "United States",

}

Rano, I & Christensen, AL 2023, White-Box and Black-Box Adversarial Attacks to Obstacle Avoidance in Mobile Robots. i L Marques & I Markovic (red), 2023 European Conference on Mobile Robots (ECMR). IEEE, European Conference on Mobile Robots (ECMR), 11th European Conference on Mobile Robots, ECMR 2023, Coimbra, Portugal, 04/09/2023. https://doi.org/10.1109/ECMR59166.2023.10256288

White-Box and Black-Box Adversarial Attacks to Obstacle Avoidance in Mobile Robots. / Rano, Inaki; Christensen, Anders Lyhne.
2023 European Conference on Mobile Robots (ECMR). red. / Lino Marques; Ivan Markovic. IEEE, 2023. (European Conference on Mobile Robots (ECMR)).

Publikation: Kapitel i bog/rapport/konference-proceeding › Konferencebidrag i proceedings › Forskning › peer review

TY - GEN

T1 - White-Box and Black-Box Adversarial Attacks to Obstacle Avoidance in Mobile Robots

AU - Rano, Inaki

AU - Christensen, Anders Lyhne

N1 - Funding Information: ACKNOWLEDGEMENTS This work was supported by the Agencia Estatal de Inves-tigación (Spain) (AEI /PID2020-119367RB-I00), the Xunta de Galicia - Consellería de Cultura, Educación, Formación Profesional e Universidades (ED431C 2022/19) and the European Union (European Regional Development Fund). Publisher Copyright: © 2023 IEEE.

PY - 2023

Y1 - 2023

N2 - Advances in artificial intelligence (AI) play a major role in the adoption of robots for an increasingly broader range of tasks. However, as recent research has shown, AI systems, such as deep-learning models, can be vulnerable to adversarial attacks where small but carefully crafted changes to a model's input can severely compromise its performance. In this paper, we present two methods to find adversarial attacks against autonomous robots. We focus on external attacks against obstacle-Avoidance behaviour where an attacker-a robot-actively perturbs the sensor readings of a goal-seeking victim robot. In the first (white-box) method, we model the interaction between the victim and attacker as a dynamical system and generate a series of open-loop control signals for the attacker to alter the victim's behaviour. In the second (black-box) method, the assumption that the attacker has full knowledge of the system's dynamics is relaxed, and closed-loop control for the attacker is learnt through reinforcement learning. We find that both methods are able to find successful attacks against the victim robot and thus constitute viable techniques to assess the robustness of autonomous robot behaviour.

AB - Advances in artificial intelligence (AI) play a major role in the adoption of robots for an increasingly broader range of tasks. However, as recent research has shown, AI systems, such as deep-learning models, can be vulnerable to adversarial attacks where small but carefully crafted changes to a model's input can severely compromise its performance. In this paper, we present two methods to find adversarial attacks against autonomous robots. We focus on external attacks against obstacle-Avoidance behaviour where an attacker-a robot-actively perturbs the sensor readings of a goal-seeking victim robot. In the first (white-box) method, we model the interaction between the victim and attacker as a dynamical system and generate a series of open-loop control signals for the attacker to alter the victim's behaviour. In the second (black-box) method, the assumption that the attacker has full knowledge of the system's dynamics is relaxed, and closed-loop control for the attacker is learnt through reinforcement learning. We find that both methods are able to find successful attacks against the victim robot and thus constitute viable techniques to assess the robustness of autonomous robot behaviour.

U2 - 10.1109/ECMR59166.2023.10256288

DO - 10.1109/ECMR59166.2023.10256288

M3 - Article in proceedings

AN - SCOPUS:85174395218

T3 - European Conference on Mobile Robots (ECMR)

BT - 2023 European Conference on Mobile Robots (ECMR)

A2 - Marques, Lino

A2 - Markovic, Ivan

PB - IEEE

T2 - 11th European Conference on Mobile Robots, ECMR 2023

Y2 - 4 September 2023 through 7 September 2023

ER -

White-Box and Black-Box Adversarial Attacks to Obstacle Avoidance in Mobile Robots

Abstract

Konference

Bibliografisk note

Dokumenter og links

SDU link

Fingeraftryk

Citationsformater