Machine learning classifiers are known to be prone to error when exposed to small input changes constructed by adversaries. In recent work, it has been shown that these adversarial attacks are also effective when targeting neural network policies in reinforcement learning. Our aim is to extend previous work on quantifying neural network robustness against adversarial attacks on classification tasks to reinforcement learning. Specifically, we will be computing mathematical lower bounds on the magnitude of perturbations required to fool the policy in the RL domain. This will require finding a natural and efficient way of calculating these bounds in a reinforcement learning setting that takes advantage of the characteristics of RL problems and the types of attacks RL policies are exposed to.

“I am participating in SuperUROP because I want to be exposed to high level research in my major and be better prepared for graduate school and/or career in research. I have studied a lot of machine learning through classwork as well as online during my free time and for previous UROP/internships. I’m most excited to learn more about the current research on adversarial attacks and how to avoid them.”