9 research outputs found

    PGN: A perturbation generation network against deep reinforcement learning

    Deep reinforcement learning has advanced greatly and been applied in many areas. In this paper, we explore the vulnerability of deep reinforcement learning by proposing a novel generative model for creating effective adversarial examples to attack the agent. Our proposed model can achieve both targeted attacks and untargeted attacks. Considering the specificity of deep reinforcement learning, we propose the action consistency ratio as a measure of stealthiness, and a new measurement index of effectiveness and stealthiness. Experiment results show that our method can ensure the effectiveness and stealthiness of attack compared with other algorithms. Moreover, our methods are considerably faster and thus can achieve rapid and efficient verification of the vulnerability of deep reinforcement learning.

    Detecting Adversarial Directions in Deep Reinforcement Learning to Make Robust Decisions

    Learning in MDPs with highly complex state representations is currently possible due to multiple advancements in reinforcement learning algorithm design. However, this incline in complexity, and furthermore the increase in the dimensions of the observation came at the cost of volatility that can be taken advantage of via adversarial attacks (i.e. moving along worst-case directions in the observation space). To solve this policy instability problem we propose a novel method to detect the presence of these non-robust directions via local quadratic approximation of the deep neural policy loss. Our method provides a theoretical basis for the fundamental cut-off between safe observations and adversarial observations. Furthermore, our technique is computationally efficient, and does not depend on the methods used to produce the worst-case directions. We conduct extensive experiments in the Arcade Learning Environment with several different adversarial attack techniques. Most significantly, we demonstrate the effectiveness of our approach even in the setting where non-robust directions are explicitly optimized to circumvent our proposed method. Comment: Published in ICML 202

    Provable Adversarial Robustness for Group Equivariant Tasks: Graphs, Point Clouds, Molecules, and More

    A machine learning model is traditionally considered robust if its prediction remains (almost) constant under input perturbations with small norm. However, real-world tasks like molecular property prediction or point cloud segmentation have inherent equivariances, such as rotation or permutation equivariance. In such tasks, even perturbations with large norm do not necessarily change an input's semantic content. Furthermore, there are perturbations for which a model's prediction explicitly needs to change. For the first time, we propose a sound notion of adversarial robustness that accounts for task equivariance. We then demonstrate that provable robustness can be achieved by (1) choosing a model that matches the task's equivariances (2) certifying traditional adversarial robustness. Certification methods are, however, unavailable for many models, such as those with continuous equivariances. We close this gap by developing the framework of equivariance-preserving randomized smoothing, which enables architecture-agnostic certification. We additionally derive the first architecture-specific graph edit distance certificates, i.e. sound robustness guarantees for isomorphism equivariant tasks like node classification. Overall, a sound notion of robustness is an important prerequisite for future work at the intersection of robust and geometric machine learning. Comment: Accepted at NeurIPS 202

    Republican freedom and the rule of law

    Integrating mātauranga Māori into community resilience frameworks for the built environment

    Efforts to improve community resilience have seen universal efforts to grow capabilities in disaster management for the built environment. Although comprehensive frameworks exist, the perspective used to derive these frameworks fails to address marginalised communities' vulnerabilities, including the Indigenous Māori people. Colonisation and socio-economic deprivation of Māori mean community response frameworks fail to reflect their values and specific needs when preparing and responding to natural disasters. The nature of Māori culture and values presents an opportunity to reimagine the scope of community resilience for an inclusive framework. The Māori history has resilient practices weaved into the very fabric of their culture through the oral transmission of waiata, whakataukī, whakairo, and pūrākau. The practice of community resilience amongst ancient Māori was not consigned to singular events but is a holistic perspective bound to their manner of living. Sourcing and qualifying this information from people aligned and immersed in nature is the knowledge required to improve the frameworks to respond to natural disasters while expanding the literature on community resilience. This study collaborated with Ngāti Toa to represent the Māori worldview using tikanga Māori and Kaupapa Māori methodology in an action-based participatory research approach. The research analyzed traditional Māori resilience through wānanga and korero kanohi-ki-te-kanohi and evaluated various mātauranga, tikanga, and kaupapa that relate to the resilient nature of Ngāti Toa. Modern Māori perspectives of community resilience were compared to this information using a realistic earthquake scenario in the Wellington region. This led to expanding community resilience to be more inclusive of Māori communities and informed measures to enhance their resilience and address their unique needs following a disaster. 
This study found that the Ngāti Toa community employs traditional resilience practices dating back to their migration to Aotearoa from Hawaiki. These practices are community-led and grounded in unity, with resilience being viewed as a collective responsibility. The study identified various Te Ao Māori resilience principles by translating traditional resilience principles into corresponding Te Ao Māori principles. A response and recovery plan was developed for Ngāti Toa in response to a realistic earthquake scenario. This plan includes a vulnerability matrix and a community resilience calculator to inform Ngāti Toa of their vulnerability level and needs following a disaster. The community resilience frameworks developed for the Wellington region in response to the 7.5 magnitude earthquake were found to be economically dependent and did not utilize the response capabilities and strengths of Ngāti Toa. The frameworks lacked proper representation from Ngāti Toa and failed to address the needs of the Māori community in Wellington, resulting in inequitable outcomes. To rectify this, community resilience frameworks for Māori should adopt a principle-based approach that supports collaborative engagement and integrates Māori cultural values. Unity is a crucial strength underpinning Māori resilience. Technological mediums such as retrofitting Marae should be developed to enhance Māori response capabilities and harness the strengths of Te Ao Māori resilience.

    RESCUE: Evaluation of a Fragmented Secret Share System in Distributed-Cloud Architecture

    Scaling big data infrastructure using multi-cloud environment has led to the demand for highly secure, resilient and reliable data sharing method. Several variants of secret sharing scheme have been proposed but there remains a gap in knowledge on the evaluation of these methods in relation to scalability, resilience and key management as volume of files generated increase and cloud outages persist. In line with these, this thesis presents an evaluation of a method that combines data fragmentation with Shamir’s secret sharing scheme known as Fragmented Secret Share System (FSSS). It applies data fragmentation using a calculated optimum fragment size and encrypts each fragment using a 256-bit AES key length before dispersal to cloudlets, the encryption key is managed using secret sharing methods as used in cryptography. Four experiments were performed to measure the scalability, resilience and reliability in key management. The first and second experiments evaluated scalability using defined fragment blocks and an optimum fragment size. These fragment types were used to break file of varied sizes into fragments, and then encrypted and dispersed to the cloud, and recovered when required. Both were used in combination of different secret sharing policies for key management. The third experiment tested file recovery during cloud failures, while the fourth experiment focused on efficient key management. The contributions of this thesis are of two ways: development of evaluation frameworks to measure scalability and resilience of data sharing methods; and the provision of information on relationships between file sizes and share policies combinations. 
While the first aimed at providing platform to measure scalability from the point of continuous production as file size and volume increase, and resilience as the potential to continue operation despite cloud outages; the second provides experimental frameworks on the effects of file sizes and share policies on overall system performance. The results of evaluation of FSSS with similar methods showed that the fragmentation method has less overhead costs irrespective of file sizes and the share policy combination. That the inherent challenges in secret sharing scheme can only be solved through alternative means such as combining secret sharing with other data fragmentation method. In all, the system is less of any erasure coding technique, making it difficult to detect corrupt or lost fragment during file recovery.

    Adversarial Robust Deep Reinforcement Learning Requires Redefining Robustness

    Learning from raw high dimensional data via interaction with a given environment has been effectively achieved through the utilization of deep neural networks. Yet the observed degradation in policy performance caused by imperceptible worst-case policy dependent translations along high sensitivity directions (i.e. adversarial perturbations) raises concerns on the robustness of deep reinforcement learning policies. In our paper, we show that these high sensitivity directions do not lie only along particular worst-case directions, but rather are more abundant in the deep neural policy landscape and can be found via more natural means in a black-box setting. Furthermore, we show that vanilla training techniques intriguingly result in learning more robust policies compared to the policies learnt via the state-of-the-art adversarial training techniques. We believe our work lays out intriguing properties of the deep reinforcement learning policy manifold and our results can help to build robust and generalizable deep reinforcement learning policies.