
ETD

Digital archive of theses discussed at the University of Pisa

 

Thesis etd-05132024-155707


Thesis type
Master's thesis
Author
BIANCHETTIN, STEFANO
URN
etd-05132024-155707
Thesis title
Evaluating Adversarial Perturbations for Reinforcement Learning
Department
INGEGNERIA DELL'INFORMAZIONE
Course of study
ARTIFICIAL INTELLIGENCE AND DATA ENGINEERING
Supervisors
supervisor Prof. Cococcioni, Marco
supervisor Prof. Buttazzo, Giorgio C.
tutor Dr. Brau, Fabio
Keywords
  • adversarial attacks
  • computer vision
  • deep
  • dnn
  • reinforcement learning
  • trustworthy ai
Graduation session start date
30/05/2024
Availability
Withheld
Release date
30/05/2064
Summary
This thesis focuses on the implementation of adversarial perturbations to deceive computer vision-based reinforcement learning systems. In particular, the student will explore the existing literature in the field of adversarial attacks for computer vision and implement attacks specifically designed to target DeepRL models. The attack formulation will initially involve baseline optimizations aimed at making DNNs for image classification misclassify, and will subsequently address how to transfer these attacks to reduce the rewards of a DeepRL model, in all time sequences, on a low frequency of timesteps, and on critical states.
In chapter 2, "Adversarial attacks in Image classification", the analysis of adversarial attacks is deepened, in particular in the context of attacks on pretrained classification models.
In chapter 3, "Adversarial attacks in DeepRL", the attacks have been implemented for a classic vanilla DeepRL model, also considering the frequency of the attacks, and subsequently compared with the state-of-the-art methods.