Advances in computing resources have resulted in the increasing complexity of
cyber-physical systems (CPS). As the complexity of CPS evolved, the focus has
shifted from traditional control methods to deep reinforcement learning-based
(DRL) methods for control of these systems. This is due to the difficulty of
obtaining accurate models of complex CPS for traditional control. However, to
securely deploy DRL in production, it is essential to examine the weaknesses of
DRL-based controllers (policies) towards malicious attacks from all angles. In
this work, we investigate targeted attacks in the action-space domain, also
commonly known as actuation attacks in CPS literature, which perturbs the
outputs of a controller. We show that a query-based black-box attack model that
generates optimal perturbations with respect to an adversarial goal can be
formulated as another reinforcement learning problem. Thus, such an adversarial
policy can be trained using conventional DRL methods. Experimental results
showed that adversarial policies that only observe the nominal policy’s output
generate stronger attacks than adversarial policies that observe the nominal
policy’s input and output. Further analysis reveals that nominal policies whose
outputs are frequently at the boundaries of the action space are naturally more
robust towards adversarial policies. Lastly, we propose the use of adversarial
training with transfer learning to induce robust behaviors into the nominal
policy, which decreases the rate of successful targeted attacks by 50%.

By admin