Ren received Amazon AWS Machine Learning Research Award

Max Yi Ren and Yezhou Yang received an Amazon AWS Machine Learning Research Award.

Title: Robust Reinforcement Learning Against Trojans through Active Counterfactual Reasoning

Abstract:

The vulnerability of neural networks to adversarial attacks has raised serious concerns and prompted extensive research. Recent studies have further exposed the risk that this vulnerability allows Trojan attacks through data corruption. Such corruption can create backdoors in vision models, e.g., to robustly trigger misclassification of traffic signs by painting pre-specified graffiti onto the signs; or in control models, e.g., to force misbehavior of a robot by showing it a pre-specified visual cue. Trojan attacks are hard to detect since the corruption has minimal influence on model performance under benign inputs. This vulnerability to Trojans is intrinsic to models that learn correlations without understanding causality. For example, a dog will wrongfully react to the owner’s ball-throwing pose even without observing the ball being thrown, due to a learned correlation between arm-swinging and reward-earning. A smarter agent, however, will perform counterfactual reasoning, e.g., to test the strategy of running back to the owner without the ball, in order to identify the true cause of reward winning. This project aims to develop and verify a novel learning architecture that enables active counterfactual reasoning during reinforcement learning, with a focus on improving the robustness of controllers against Trojan attacks. The project will leverage the PIs’ existing expertise in active vision and robust machine learning, and will use AWS DeepRacer as a demonstration platform.