The Markov decision process (MDP) provides a mathematical framework for modeling sequential decision-making problems, many of which are crucial to security and safety, such as autonomous driving and robot control. The rapid development of artificial intelligence research has created efficient methods for solving MDPs, such as deep neural networks (DNNs), reinforcement learning (RL), and imitation learning (IL). However, these popular models solving MDPs are neither thoroughly tested nor rigorously reliable. We present MDPFuzz, the first blackbox fuzz testing framework for models solving MDPs. MDPFuzz forms testing oracles by checking whether the target model enters abnormal and dangerous states. During fuzzing, MDPFuzz decides which mutated state to retain by measuring if it can reduce cumulative rewards or form a new state sequence. We design efficient techniques to quantify the "freshness" of a state sequence using Gaussian mixture models (GMMs) and dynamic expectation-maximization (DynEM). We also prioritize states with high potential of revealing crashes by estimating the local sensitivity of target models over states. MDPFuzz is evaluated on five state-of-the-art models for solving MDPs, including supervised DNN, RL, IL, and multi-agent RL. Our evaluation includes scenarios of autonomous driving, aircraft collision avoidance, and two games that are often used to benchmark RL. During a 12-hour run, we find over 80 crash-triggering state sequences on each model. We show inspiring findings that crash-triggering states, though they look normal, induce distinct neuron activation patterns compared with normal states. We further develop an abnormal behavior detector to harden all the evaluated models and repair them with the findings of MDPFuzz to significantly enhance their robustness without sacrificing accuracy.
翻译:马尔科夫决策过程(MDP)提供了一种数学框架,用于建模顺序决策问题,其中许多问题对于安全性和安全性至关重要,例如自动驾驶和机器人控制。人工智能研究的快速发展已经创造了解决MDP的高效方法,例如深度神经网络(DNNs),强化学习(RL)和模仿学习(IL)。但是,这些流行的解决MDP的模型既未经彻底测试,也不可靠。我们提供了MDPFuzz,这是第一个用于解决MDP的模型的黑盒Fuzz测试框架。 MDPFuzz通过检查目标模型是否进入异常和危险状态来形成测试预示器。在模糊化过程中,MDPFuzz通过测量是否可以减少累积奖励或形成新的状态序列来决定保留哪个变异状态。我们使用高斯混合模型(GMMs)和动态期望最大化( DynEM)设计了有效的技术,以量化状态序列的“新鲜程度”。我们还通过估计目标模型在状态上的局部敏感性来优先考虑可能显示崩溃的状态。 MDPFuzz在五种解决MDP的最新模型上进行评估,包括监督的DNN,RL,IL和多智能体RL。我们的评估包括自动驾驶,飞机避免相撞以及通常用于RL基准测试的两个游戏的情况。在12小时的运行期间,我们在每个模型上发现了超过80个触发崩溃的状态序列。我们展示了令人鼓舞的结果,即触发崩溃的状态,尽管它们看起来正常,但与正常状态相比,它们引发了不同的神经元激活模式。我们进一步开发了一种异常行为检测器,以加强所有评估模型并使用MDPFuzz的结果进行修复,以显着增强其鲁棒性而不损失准确性。