{"created":"2025-01-19T01:45:22.705890+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00240914","sets":["6164:6165:6462:11854"]},"path":["11854"],"owner":"11","recid":"240914","title":["深層強化学習エージェントの振る舞いの操作を目的とした敵対的攻撃とその防御"],"pubdate":{"attribute_name":"PubDate","attribute_value":"2024-10-15"},"_buckets":{"deposit":"42770a25-ba83-4628-bf46-576359d9a324"},"_deposit":{"id":"240914","pid":{"type":"depid","value":"240914","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"深層強化学習エージェントの振る舞いの操作を目的とした敵対的攻撃とその防御","author_link":["662192","662193","662194","662195","662196","662197"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"深層強化学習エージェントの振る舞いの操作を目的とした敵対的攻撃とその防御","subitem_title_language":"ja"},{"subitem_title":"Targeted Attack and Robust Defense for Behavior Manipulation in Deep Reinforcement Learning","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"AI for Security, Adversarial Attack, Robust Deep Reinforcement Learning, Imitation Learning","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2024-10-15","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京科学大学"},{"subitem_text_value":"筑波大学; RIKEN AIP"},{"subitem_text_value":"東京科学大学; RIKEN AIP"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Tokyo Institute of Technology","subitem_text_language":"en"},{"subitem_text_value":"University of Tsukuba / RIKEN AIP","subitem_text_language":"en"},{"subitem_text_value":"Tokyo Institute of Technology /  RIKEN AIP","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/240914/files/IPSJ-CSS2024168.pdf","label":"IPSJ-CSS2024168.pdf"},"date":[{"dateType":"Available","dateValue":"2026-10-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-CSS2024168.pdf","filesize":[{"value":"372.1 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"da8af7cd-fb57-4b96-ab33-dac3e4d1ceb0","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"山辺, 翔二郎"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"福地, 一斗"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"佐久間, 淳"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shojiro, Yamabe","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Kazuto, Fukuchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Jun, Sakuma","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"深層強化学習エージェントの状態観測に対して敵対的な介入を行うことで，エージェントの振る舞いを指定通りに制御することを目的とした攻撃とその防御手法を提案する．既存の攻撃手法はすべて被害者の方策に対する完全なアクセスを仮定したホワイトボックス攻撃であり，またいくつかの手法は環境特有のヒューリスティックに依存している．本研究では模倣学習を用いることで，被害者の方策へのアクセスを制限したブラックボックスまたはノーボックス設定において，環境特有のヒューリスティックを必要とせずに被害者エージェントを操作する新しい手法を提案する．また，被害者のトラジェクトリの初期であるほど，状態変化に対する方策の行動出力の敏感度が防御性能に与える影響が大きいことを理論的に示す．これに基づき，ロバストな方策を学習する方法を提案する．強化学習ベンチマークでの実証評価により，提案された攻撃と防御手法の有効性を評価する．","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"We propose the attack on reinforcement learning agents, where the adversary aims to control the victim's behavior as specified by the adversary by adding adversarial modifications to the victim's state observation and the defense against such an attack. While some attack methods have successfully manipulated the victim agent's behavior, all are white-box attacks that require full access to the victim's policy, and some rely on environment-specific heuristics. Using imitation learning, we propose new methods to manipulate the victim agent in a black-box or no-box setting, which assumes limited access to the victim's policy without requiring environment-specific heuristics. We also show theoretically that the earlier in the trajectory, the more the sensitivity of policy outputs to state changes affects defense performance. Based on this, we propose a method for learning a robust policy. Empirical evaluations on a reinforcement learning benchmark show that our proposed method outperforms the baselines.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"1265","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2024論文集"}],"bibliographicPageStart":"1258","bibliographicIssueDates":{"bibliographicIssueDate":"2024-10-15","bibliographicIssueDateType":"Issued"}}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":240914,"updated":"2025-03-06T05:56:38.528413+00:00","links":{}}