Deep Neural Network-based systems are now the state-of-the-art in many robotics tasks, but their application in safety-critical domains remains dangerous without formal guarantees on network robustness. Small perturbations to sensor inputs (from noise or adversarial examples) are often enough to change network-based decisions, which was already shown to cause an autonomous vehicle to swerve into oncoming traffic. In light of these dangers, numerous algorithms have been developed as defensive mechanisms from these adversarial inputs, some of which provide formal robustness guarantees or certificates. This work leverages research on certified adversarial robustness to develop an online certified defense for deep reinforcement learning algorithms. The proposed defense computes guaranteed lower bounds on state-action values during execution to identify and choose the optimal action under a worst-case deviation in input space due to possible adversaries or noise. The approach is demonstrated on a Deep Q-Network policy and is shown to increase robustness to noise and adversaries in pedestrian collision avoidance scenarios and a classic control task.

本文研究基于深度神经网络的自主决策系统的安全性，提出了一种基于认证对抗鲁棒性的在线防御机制，该机制计算执行过程中状态-动作值的保证下限，以在可能存在对手或噪声导致输入空间最差情况偏离选择最佳行动，在行人碰撞回避场景和一个经典控制任务中，该方法显示出提高对噪声和对手的鲁棒性。

深度强化学习的认证对抗鲁棒性