TY - GEN
T1 - White-Box and Black-Box Adversarial Attacks to Obstacle Avoidance in Mobile Robots
AU - Rano, Inaki
AU - Christensen, Anders Lyhne
N1 - Funding Information:
ACKNOWLEDGEMENTS This work was supported by the Agencia Estatal de Inves-tigación (Spain) (AEI /PID2020-119367RB-I00), the Xunta de Galicia - Consellería de Cultura, Educación, Formación Profesional e Universidades (ED431C 2022/19) and the European Union (European Regional Development Fund).
Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Advances in artificial intelligence (AI) play a major role in the adoption of robots for an increasingly broader range of tasks. However, as recent research has shown, AI systems, such as deep-learning models, can be vulnerable to adversarial attacks where small but carefully crafted changes to a model's input can severely compromise its performance. In this paper, we present two methods to find adversarial attacks against autonomous robots. We focus on external attacks against obstacle-Avoidance behaviour where an attacker-a robot-actively perturbs the sensor readings of a goal-seeking victim robot. In the first (white-box) method, we model the interaction between the victim and attacker as a dynamical system and generate a series of open-loop control signals for the attacker to alter the victim's behaviour. In the second (black-box) method, the assumption that the attacker has full knowledge of the system's dynamics is relaxed, and closed-loop control for the attacker is learnt through reinforcement learning. We find that both methods are able to find successful attacks against the victim robot and thus constitute viable techniques to assess the robustness of autonomous robot behaviour.
AB - Advances in artificial intelligence (AI) play a major role in the adoption of robots for an increasingly broader range of tasks. However, as recent research has shown, AI systems, such as deep-learning models, can be vulnerable to adversarial attacks where small but carefully crafted changes to a model's input can severely compromise its performance. In this paper, we present two methods to find adversarial attacks against autonomous robots. We focus on external attacks against obstacle-Avoidance behaviour where an attacker-a robot-actively perturbs the sensor readings of a goal-seeking victim robot. In the first (white-box) method, we model the interaction between the victim and attacker as a dynamical system and generate a series of open-loop control signals for the attacker to alter the victim's behaviour. In the second (black-box) method, the assumption that the attacker has full knowledge of the system's dynamics is relaxed, and closed-loop control for the attacker is learnt through reinforcement learning. We find that both methods are able to find successful attacks against the victim robot and thus constitute viable techniques to assess the robustness of autonomous robot behaviour.
U2 - 10.1109/ECMR59166.2023.10256288
DO - 10.1109/ECMR59166.2023.10256288
M3 - Article in proceedings
AN - SCOPUS:85174395218
T3 - European Conference on Mobile Robots (ECMR)
BT - 2023 European Conference on Mobile Robots (ECMR)
A2 - Marques, Lino
A2 - Markovic, Ivan
PB - IEEE
T2 - 11th European Conference on Mobile Robots, ECMR 2023
Y2 - 4 September 2023 through 7 September 2023
ER -