Neutral Agent-based Adversarial Policy Learning against Deep Reinforcement Learning in Multi-party Open Systems
Qizhou Peng, Yang Zheng, Yu Wen, Yanna Wu, Yingying Du
TL;DR
This work tackles the vulnerability of deep reinforcement learning in multi-party open systems by proposing neutral agent-based adversarial policy learning that does not require environment manipulation or direct victim interaction. It introduces a reward design grounded in victim failure paths and an estimation-based reward model using LSTM to operate under partial observability, all within a QMIX-based MARL framework that maximizes the total Q-value $Q^{tot}$. Empirically, the method generalizes across StarCraft II SMAC and Highway-env tasks, achieving substantial reductions in victim success and faster convergence than baselines; increasing adversarial density enhances effectiveness, and common defenses offer limited protection in open settings. The results underscore practical risks for open DRL systems and provide guidance for designing robust defenses against neutral-agent adversarial strategies.
Abstract
Reinforcement learning (RL) has been an important machine learning paradigm for solving long-horizon sequential decision-making problems under uncertainty. By integrating deep neural networks (DNNs) into the RL framework, deep reinforcement learning (DRL) has emerged, which achieved significant success in various domains. However, the integration of DNNs also makes it vulnerable to adversarial attacks. Existing adversarial attack techniques mainly focus on either directly manipulating the environment with which a victim agent interacts or deploying an adversarial agent that interacts with the victim agent to induce abnormal behaviors. While these techniques achieve promising results, their adoption in multi-party open systems remains limited due to two major reasons: impractical assumption of full control over the environment and dependent on interactions with victim agents. To enable adversarial attacks in multi-party open systems, in this paper, we redesigned an adversarial policy learning approach that can mislead well-trained victim agents without requiring direct interactions with these agents or full control over their environments. Particularly, we propose a neutral agent-based approach across various task scenarios in multi-party open systems. While the neutral agents seemingly are detached from the victim agents, indirectly influence them through the shared environment. We evaluate our proposed method on the SMAC platform based on Starcraft II and the autonomous driving simulation platform Highway-env. The experimental results demonstrate that our method can launch general and effective adversarial attacks in multi-party open systems.