• adversarial attacks
• computer vision
• deep
• dnn
• reinforcement learning
• trustworthy ai

This thesis focuses on the implementation of adversarial perturbations to deceive computer vision-based reinforcement learning systems. In particular, the student will explore the existing literature in the field of adversarial attacks for computer vision and implement attacks specifically designed to target DeepRL models. The attack formulation will initially involve baseline optimizations aimed at misclassify DNNs for image classification and subsequently how to transfer these attacks to reduce the rewards of a DeepRL model, in all time sequences, on low frequency of timesteps and critical states.
In chapter 2: "Adversarial attacks in Image classification", an analysis of adversarial has been deepen in particular in the context of attacks to pretrained classification models.
In chapter 3: "Adversarial attacks in DeepRL", the attacks has been implemented for a classic vanilla DeepRL model considering also the frequency of the attacks and subsequently comparated with the state-of-the-art methods.