Trade-Off Between Robustness and Rewards Adversarial Training for Deep Reinforcement Learning Under Large Perturbations

Deep Reinforcement Learning (DRL) has become a popular approach for training robots due to its generalization promise, complex task capacity and minimal human intervention. Nevertheless, DRL-trained controllers are vulnerable to even the smallest of perturbations on its inputs which can lead to cata...

Full description

Saved in:
Bibliographic Details
Published inIEEE robotics and automation letters Vol. 8; no. 12; pp. 8018 - 8025
Main Authors Huang, Jeffrey, Choi, Ho Jin, Figueroa, Nadia
Format Journal Article
LanguageEnglish
Published Piscataway IEEE 01.12.2023
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Subjects
Adversarial machine learning
Cart-pole problem
Deep learning
Manipulators
Perturbation
Perturbation methods
Reinforcement learning
Robot sensing systems
robotic manipulation
Robust control
Robustness
Tradeoffs
Online AccessGet full text

Cover

Abstract Deep Reinforcement Learning (DRL) has become a popular approach for training robots due to its generalization promise, complex task capacity and minimal human intervention. Nevertheless, DRL-trained controllers are vulnerable to even the smallest of perturbations on its inputs which can lead to catastrophic failures in real-world human-centric environments with large and unexpected perturbations. In this work, we study the vulnerability of state-of-the-art DRL subject to large perturbations and propose a novel adversarial training framework for robust control. Our approach generates aggressive attacks on the state space and the expected state-action values to emulate real-world perturbations such as sensor noise, perception failures, physical perturbations, observations mismatch, etc. To achieve this, we reformulate the adversarial risk to yield a trade-off between rewards and robustness (TBRR). We show that TBRR-aided DRL training is robust to aggressive attacks and outperforms baselines on standard DRL benchmarks (Cartpole, Pendulum), Meta-World tasks (door manipulation) and a vision-based grasping task with a 7DoF manipulator. Finally, we show that the vision-based grasping task trained in simulation via TBRR transfers sim2real with 70% success rate subject to sensor impairment and physical perturbations without any retraining.
AbstractList Deep Reinforcement Learning (DRL) has become a popular approach for training robots due to its generalization promise, complex task capacity and minimal human intervention. Nevertheless, DRL-trained controllers are vulnerable to even the smallest of perturbations on its inputs which can lead to catastrophic failures in real-world human-centric environments with large and unexpected perturbations. In this work, we study the vulnerability of state-of-the-art DRL subject to large perturbations and propose a novel adversarial training framework for robust control. Our approach generates aggressive attacks on the state space and the expected state-action values to emulate real-world perturbations such as sensor noise, perception failures, physical perturbations, observations mismatch, etc. To achieve this, we reformulate the adversarial risk to yield a trade-off between rewards and robustness (TBRR). We show that TBRR-aided DRL training is robust to aggressive attacks and outperforms baselines on standard DRL benchmarks (Cartpole, Pendulum), Meta-World tasks (door manipulation) and a vision-based grasping task with a 7DoF manipulator. Finally, we show that the vision-based grasping task trained in simulation via TBRR transfers sim2real with 70% success rate subject to sensor impairment and physical perturbations without any retraining.
Author Choi, Ho Jin
Huang, Jeffrey
Figueroa, Nadia
Author_xml – sequence: 1
  givenname: Jeffrey
  orcidid: 0009-0000-8358-5435
  surname: Huang
  fullname: Huang, Jeffrey
  email: jefhuang@seas.upenn.edu
  organization: Department of Electrical and Systems Engineering, University of Pennsylvania, Philadelphia, PA, USA
– sequence: 2
  givenname: Ho Jin
  surname: Choi
  fullname: Choi, Ho Jin
  email: cr139139@seas.upenn.edu
  organization: Department of Mechanical Engineering and Applied Mechanics, University of Pennsylvania, Philadelphia, PA, USA
– sequence: 3
  givenname: Nadia
  orcidid: 0000-0002-6873-4671
  surname: Figueroa
  fullname: Figueroa, Nadia
  email: nadiafig@seas.upenn.edu
  organization: Department of Mechanical Engineering and Applied Mechanics, University of Pennsylvania, Philadelphia, PA, USA
BookMark eNpNkM1rAjEQxUOxUGu999BDoOe1-VqTPVr7CQsW0XOIm4msaNYmu5X-943Vg6eZ4b03w_xuUc83HhC6p2REKSmeyvlkxAjjI86ZyAtyhfqMS5lxOR73LvobNIxxQwihOZO8yPvosAjGQjZzDj9DewDweN6suth6iBEbb_EcDibYiCf2B0I0oTZbnEK1r_0auybgF4B9ctU-DRXswLe4BBP-9aW3EHBpwhrwF4S2CyvT1o2Pd-jamW2E4bkO0PLtdTH9yMrZ--d0UmZVeqTNBJHWGEmls8SBEo4oIRQjBXBSKcckNTkHxsZWiIrJlVCWVYxJYQvuhHF8gB5Pe_eh-e4gtnrTdMGnk5opRfOEQorkIidXFZoYAzi9D_XOhF9NiT4S1omwPhLWZ8Ip8nCK1ABwYWdKFEn-A1-5eXA
CODEN IRALC6
Cites_doi 10.1109/SMC.2017.8122622
10.1109/IROS.2017.8206245
10.1109/CVPR42600.2020.00032
10.1109/LRA.2015.2509025
10.18653/v1/D17-1215
10.1109/ICRA.2018.8460756
10.1109/ICCV.2017.153
10.24963/ijcai.2017/525
10.1109/TAI.2021.3111139
10.1109/ICRA.2017.7989385
10.1609/aaai.v30i1.10295
10.1109/ICRA48506.2021.9561036
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023
Copyright_xml – notice: Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2023
DBID 97E
RIA
RIE
AAYXX
CITATION
7SC
7SP
8FD
JQ2
L7M
L~C
L~D
DOI 10.1109/LRA.2023.3324590
DatabaseName IEEE All-Society Periodicals Package (ASPP) 2005–Present
IEEE All-Society Periodicals Package (ASPP) 1998–Present
IEEE Electronic Library (IEL)
CrossRef
Computer and Information Systems Abstracts
Electronics & Communications Abstracts
Technology Research Database
ProQuest Computer Science Collection
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts – Academic
Computer and Information Systems Abstracts Professional
DatabaseTitle CrossRef
Technology Research Database
Computer and Information Systems Abstracts – Academic
Electronics & Communications Abstracts
ProQuest Computer Science Collection
Computer and Information Systems Abstracts
Advanced Technologies Database with Aerospace
Computer and Information Systems Abstracts Professional
DatabaseTitleList Technology Research Database
Database_xml – sequence: 1
  dbid: RIE
  name: IEEE Electronic Library (IEL)
  url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/
  sourceTypes: Publisher
DeliveryMethod fulltext_linktorsrc
Discipline Engineering
EISSN 2377-3766
EndPage 8025
ExternalDocumentID 10_1109_LRA_2023_3324590
10284990
Genre orig-research
GroupedDBID 0R~
97E
AAJGR
AARMG
AASAJ
AAWTH
ABAZT
ABQJQ
ABVLG
ACGFS
AGQYO
AGSQL
AHBIQ
AKJIK
AKQYR
ALMA_UNASSIGNED_HOLDINGS
ATWAV
BEFXN
BFFAM
BGNUA
BKEBE
BPEOZ
EBS
EJD
IFIPE
IPLJI
JAVBF
KQ8
M43
M~E
O9-
OCL
RIA
RIE
AAYXX
CITATION
RIG
7SC
7SP
8FD
JQ2
L7M
L~C
L~D
ID FETCH-LOGICAL-c245t-407daa717fd0fe84f08448209e30c8f271a53e226d44c27b48d2c2274d93f4af3
IEDL.DBID RIE
ISSN 2377-3766
IngestDate Mon Jun 30 02:46:47 EDT 2025
Tue Jul 01 03:54:24 EDT 2025
Wed Aug 27 02:36:31 EDT 2025
IsPeerReviewed true
IsScholarly true
Issue 12
Language English
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/IEEE.html
https://doi.org/10.15223/policy-029
https://doi.org/10.15223/policy-037
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c245t-407daa717fd0fe84f08448209e30c8f271a53e226d44c27b48d2c2274d93f4af3
Notes ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ORCID 0009-0000-8358-5435
0000-0002-6873-4671
PQID 2881500174
PQPubID 4437225
PageCount 8
ParticipantIDs ieee_primary_10284990
proquest_journals_2881500174
crossref_primary_10_1109_LRA_2023_3324590
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate 2023-12-01
PublicationDateYYYYMMDD 2023-12-01
PublicationDate_xml – month: 12
  year: 2023
  text: 2023-12-01
  day: 01
PublicationDecade 2020
PublicationPlace Piscataway
PublicationPlace_xml – name: Piscataway
PublicationTitle IEEE robotics and automation letters
PublicationTitleAbbrev LRA
PublicationYear 2023
Publisher IEEE
The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
Publisher_xml – name: IEEE
– name: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
References ref15
zhang (ref6) 0
ref36
wang (ref23) 0
oikarinen (ref25) 0
ref2
kannan (ref39) 2018
mankowitz (ref11) 0
ref1
ref17
ref19
liu (ref21) 0
ilyas (ref32) 0
ref18
zhao (ref37) 0
mnih (ref27) 2013
wang (ref7) 0
tennenholtz (ref14) 0
he (ref34) 0
madry (ref5) 0
ref26
pinto (ref12) 0
weng (ref10) 0
ref42
rajeswaran (ref35) 2016
yu (ref31) 0
brockman (ref43) 2016
croce (ref20) 0
huang (ref8) 2017
kalashnikov (ref3) 2018
wu (ref38) 0
ref28
haarnoja (ref30) 0
ref29
billard (ref41) 2022
zhang (ref24) 0
ref9
szegedy (ref16) 0
goodfellow (ref4) 2014
croce (ref33) 0
simonyan (ref40) 2014
gleave (ref13) 2019
pattanaik (ref22) 0
References_xml – start-page: 21024
  year: 0
  ident: ref24
  article-title: Robust deep reinforcement learning against adversarial perturbations on state observations
  publication-title: Proc Adv Neural Inf Process Syst
– start-page: 844
  year: 0
  ident: ref37
  article-title: Adversarially regularized policy learning guided by trajectory optimization
  publication-title: Proc Learn Dyn Control Conf
– year: 0
  ident: ref21
  article-title: Delving into transferable adversarial examples and black-box attacks
  publication-title: Proc Int Conf Learn Representations
– year: 2022
  ident: ref41
  publication-title: Learning for Adaptive and Reactive Robot Control A Dynamical Systems Approach
– year: 2016
  ident: ref43
  article-title: OpenAI Gym
– ident: ref29
  doi: 10.1109/SMC.2017.8122622
– year: 0
  ident: ref11
  article-title: Robust reinforcement learning for continuous control with model misspecification
  publication-title: Proc Int Conf Learn Representations
– year: 0
  ident: ref16
  article-title: Intriguing properties of neural networks
  publication-title: Proc 2nd Int Conf Learn Representations
– start-page: 26156
  year: 0
  ident: ref25
  article-title: Robust deep reinforcement learning through adversarial loss
  publication-title: Proc Adv Neural Inf Process Syst
– start-page: 2817
  year: 0
  ident: ref12
  article-title: Robust adversarial reinforcement learning
  publication-title: Proc 34th Int Conf Mach Learn
– ident: ref36
  doi: 10.1109/IROS.2017.8206245
– start-page: 10056
  year: 0
  ident: ref23
  article-title: Neural network control policy verification with persistent adversarial perturbations
  publication-title: Proc 37th Int Conf Mach Learn
– year: 0
  ident: ref14
  article-title: On covariate shift of latent confounders in imitation and reinforcement learning
– start-page: 1861
  year: 0
  ident: ref30
  article-title: Soft actor-critic: Off-policy maximum entropy deep reinforcement learning with a stochastic actor
  publication-title: Proc Int Conf Mach Learn
– year: 2014
  ident: ref40
  article-title: Very deep convolutional networks for large-scale image recognition
– ident: ref19
  doi: 10.1109/CVPR42600.2020.00032
– ident: ref42
  doi: 10.1109/LRA.2015.2509025
– start-page: 2040
  year: 0
  ident: ref22
  article-title: Robust deep reinforcement learning with adversarial attacks
  publication-title: Proc 17th Int Conf Auton Agents MultiAgent Syst
– year: 2017
  ident: ref8
  article-title: Adversarial attacks on neural network policies
– ident: ref18
  doi: 10.18653/v1/D17-1215
– ident: ref2
  doi: 10.1109/ICRA.2018.8460756
– year: 2018
  ident: ref3
  article-title: QT-Opt: Scalable deep reinforcement learning for vision-based robotic manipulation
– ident: ref17
  doi: 10.1109/ICCV.2017.153
– start-page: 2206
  year: 0
  ident: ref33
  article-title: Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks
  publication-title: Proc Int Conf Mach Learn
– start-page: 1094
  year: 0
  ident: ref31
  article-title: Meta-World: A benchmark and evaluation for multi-task and meta reinforcement learning
  publication-title: Proc Conf Robot Learn
– year: 0
  ident: ref10
  article-title: Toward evaluating robustness of deep reinforcement learning with continuous control
  publication-title: Proc Int Conf Learn Representations
– start-page: 2137
  year: 0
  ident: ref32
  article-title: Black-box adversarial attacks with limited queries and information
  publication-title: Proc Int Conf Mach Learn
– year: 0
  ident: ref5
  article-title: Towards deep learning models resistant to adversarial attacks
  publication-title: Proc Int Conf Learn Representations
– year: 0
  ident: ref7
  article-title: Improving adversarial robustness requires revisiting misclassified examples
  publication-title: Proc Int Conf Learn Representations
– year: 2016
  ident: ref35
  article-title: EPOpt: Learning robust neural network policies using model ensembles
– year: 2019
  ident: ref13
  article-title: Adversarial policies: Attacking deep reinforcement learning
– ident: ref9
  doi: 10.24963/ijcai.2017/525
– year: 0
  ident: ref34
  article-title: Adversarial example defense: Ensembles of weak defenses are not strong
  publication-title: Proc 11th USENIX Workshop Offensive Technol
– year: 2018
  ident: ref39
  article-title: Adversarial logit pairing
– ident: ref15
  doi: 10.1109/TAI.2021.3111139
– start-page: 2021
  year: 0
  ident: ref20
  article-title: Robustbench: A standardized adversarial robustness benchmark
  publication-title: Proc 35th Conf Neural Inf Process Syst Datasets Benchmarks Track
– year: 2014
  ident: ref4
  article-title: Explaining and harnessing adversarial examples
– ident: ref1
  doi: 10.1109/ICRA.2017.7989385
– ident: ref28
  doi: 10.1609/aaai.v30i1.10295
– start-page: 24177
  year: 0
  ident: ref38
  article-title: Robust deep reinforcement learning through bootstrapped opportunistic curriculum
  publication-title: Proc Int Conf Mach Learn
– year: 2013
  ident: ref27
  article-title: Playing Atari with deep reinforcement learning
– ident: ref26
  doi: 10.1109/ICRA48506.2021.9561036
– start-page: 7472
  year: 0
  ident: ref6
  article-title: Theoretically principled trade-off between robustness and accuracy
  publication-title: Proc Int Conf Mach Learn
SSID ssj0001527395
Score 2.2470553
Snippet Deep Reinforcement Learning (DRL) has become a popular approach for training robots due to its generalization promise, complex task capacity and minimal human...
SourceID proquest
crossref
ieee
SourceType Aggregation Database
Index Database
Publisher
StartPage 8018
SubjectTerms Adversarial machine learning
Cart-pole problem
Deep learning
Manipulators
Perturbation
Perturbation methods
Reinforcement learning
Robot sensing systems
robotic manipulation
Robust control
Robustness
Tradeoffs
Title Trade-Off Between Robustness and Rewards Adversarial Training for Deep Reinforcement Learning Under Large Perturbations
URI https://ieeexplore.ieee.org/document/10284990
https://www.proquest.com/docview/2881500174
Volume 8
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07T8MwELaACQaeRZSXPLAwJHUcJ03G8hJCLaCKSt0iP84MSG3VJkJi4LdzdlJRgZDYMjiR5bvcfd_5HoRcQJpqIXMdWG5ZIBLkrFKxbpDyLEqZNLESrt558Jjej8TDOBk3xeq-FgYAfPIZhO7R3-Wbqa5cqKzjnCEidGTo68jc6mKt74CKayWWJ8urSJZ3-sNe6KaDhzGihsRZ3RXX42ep_DLA3qvc7ZDH5X7qZJK3sCpVqD9-tGr894Z3yXaDL2mvVog9sgaTfbK10nXwgLyjfzIQPFlLr-osLTqcqmpROqtH5cTQIbhc2gX105oX0ukofWlmSVBEufQGYIarfNdV7QOMtGnU-kr9JCXadxnm9Bnm6NJUHRVskdHd7cv1fdDMXwg0nleJ1LJrpES-Zw2zkAnLMiRznOUQM51Z3o1kEgPiNyOE5l0lMsM1R5pr8tgKaeNDsjGZTuCIUJ3JBBIGlgGulSC5VIopKyFnxkRRm1wuRVPM6jYbhacnLC9QjIUTY9GIsU1a7qRX1tWH3CanS2EWzY-4KHiWIeRFsyOO_3jthGy6r9cpKqdko5xXcIZAo1TnZH3weXvu1ewL3nTUAA
linkProvider IEEE
linkToHtml http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07T8MwELYQDMDAG1Eo4IGFIcF1nDQZy6Mq0BZUFYkt8uPMgNRWbSokfj1nJxUVCIktg6NYvsvd953vQcgFJIkWMtOB5ZYFIkbOKhVrBglPGwmTJlLC1Tv3-knnRTy8xq9VsbqvhQEAn3wGoXv0d_lmrOcuVHblnCEidGToa-j4Y16Wa32HVFwzsSxeXEay7Ko7aIVuPngYIW6Ind1dcj5-msovE-z9Snub9Bc7KtNJ3sN5oUL9-aNZ47-3vEO2KoRJW6VK7JIVGO2RzaW-g_vkAz2UgeDJWnpd5mnRwVjNZ4Wze1SODB2Ay6adUT-veSadltJhNU2CIs6ltwATXOX7rmofYqRVq9Y36mcp0a7LMafPMEWnpsq44AF5ad8NbzpBNYEh0HheBZLLppESGZ81zEIqLEuRznGWQcR0anmzIeMIEMEZITRvKpEarjkSXZNFVkgbHZLV0XgER4TqVMYQM7AMcK0EyaVSTFkJGTOm0aiRy4Vo8knZaCP3BIVlOYoxd2LMKzHWyIE76aV15SHXSH0hzLz6FWc5T1MEvWh4xPEfr52T9c6w18279_3HE7LhvlQmrNTJajGdwynCjkKdeWX7AhHs1hk
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Trade-Off+Between+Robustness+and+Rewards+Adversarial+Training+for+Deep+Reinforcement+Learning+Under+Large+Perturbations&rft.jtitle=IEEE+robotics+and+automation+letters&rft.au=Huang%2C+Jeffrey&rft.au=Choi%2C+Ho+Jin&rft.au=Figueroa%2C+Nadia&rft.date=2023-12-01&rft.pub=IEEE&rft.eissn=2377-3766&rft.volume=8&rft.issue=12&rft.spage=8018&rft.epage=8025&rft_id=info:doi/10.1109%2FLRA.2023.3324590&rft.externalDocID=10284990
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2377-3766&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2377-3766&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2377-3766&client=summon