基于改进交叉熵的模仿学习鲁棒性增强方法
CSTR:
作者:
作者单位:

1. 浙江工业大学 网络空间安全研究院,杭州 310023;2. 浙江工业大学 信息工程学院,杭州 310023;3. 信息安全国家重点实验室,北京 100039;4. 中国电子科技集团公司第三十六研究所,浙江 嘉兴 314001;5. 嘉兴南湖学院 信息工程学院,浙江 嘉兴 314001

作者简介:

通讯作者:

E-mail: chenjinyin@zjut.edu.cn.

中图分类号:

TP273

基金项目:

国家自然科学基金项目(62072406);浙江省自然科学基金项目(LY19F020025);宁波市“科技创新2025”重大专项项目(2018B10063);科技创新2030-----“新一代人工智能”重大项目(2018AAA0100801);浙江省重点研发计划项目(2021C01117);浙江省“万人计划”科技创新领军人才项目(2020R52011).


Imitation learning robustness enhancement based on modified cross entropy
Author:
Affiliation:

1. Institute of Cyberspace Security,Zhejiang University of Technology,Hangzhou 310023,China;2. College of Information Engineering,Zhejiang University of Technology,Hangzhou 310023,China;3. National Key Laboratory of Science and Technology on Information System Security,Beijing 100039,China;4. The 36th Research Institute of China Electronics Technology Group Corporation,Jiaxing 314001,China;5. School of Information Engineering,Jiaxing Nanhu University,Jiaxing 314001,China

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    模仿学习是一种模仿专家示例的学习模式,需要大量数据样本进行监督训练,如果专家示例掺杂恶意样本或探索数据受到噪声干扰,则影响学徒学习并累积学习误差;另一方面,模仿学习使用的深度模型容易受到对抗攻击.针对模仿学习的模型安全问题,从模型损失以及模型结构两个方面分别进行防御.在模型损失方面,提出基于改进交叉熵的模仿学习鲁棒性增强方法;在模型结构方面,利用噪声网络模型提高模仿学习的鲁棒性,并结合改进交叉熵提高模型对对抗样本的抵御能力.使用3种白盒攻击及1种黑盒攻击方法进行防御性能验证,以生成对抗模仿学习为例,通过各种攻击策略验证所提出的鲁棒性增强方法的可行性以及模仿学习的脆弱性,并对模型的鲁棒性增强效果进行评估.

    Abstract:

    Imitation learning is a learning mode characterized by the way of imitating expert examples, which requires many data samples for supervised learning. Once the expert examples are mixed with malicious examples or the exploration data is disturbed, it may affect the students’ learning and accumulate learning errors. On the other hand, the deep learning model used by the imitation learning is vulnerable to adversarial attacks. Addressing to the security threat of imitation learning, this paper defends it from two aspects, including model loss and model structure. In terms of model loss, a robust enhancement method for imitation learning based on improved cross-entropy is proposed. In terms of model structure, the existing robust enhancement method for a noise network is applied to verify the robustness enhancement effect. The noise network is also combined with improved cross entropy to improve the model's robustness. Three white box attacks and one black box attack methods in deep learning are applied to imitation learning to verify the defense performance of the proposed method. Specifically, generative adversarial imitation learning (GAIL) is selected as an example. The feasibility of the robustness enhancement method and the fragility of the imitation learning model are verified by various attack strategies, and the robustness enhancement effect of the model is evaluated.

    参考文献
    相似文献
    引证文献
引用本文

李晓豪,郑海斌,王雪柯,等.基于改进交叉熵的模仿学习鲁棒性增强方法[J].控制与决策,2024,39(3):768-776

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:
  • 最后修改日期:
  • 录用日期:
  • 在线发布日期: 2024-02-25
  • 出版日期: 2024-03-20
文章二维码