Growing at a very fast pace, modern autonomous systems will soon be deployed at scale, opening up the possibility for cooperative multi-agent systems. By sharing information and distributing workloads, autonomous agents can better perform their tasks and enjoy improved computation efficiency. However, such advantages rely heavily on communication channels, which have been shown to be vulnerable to security breaches. Thus, communication can be compromised to execute adversarial attacks on deep learning models, which are widely employed in modern systems. In this paper, we explore such adversarial attacks in a novel multi-agent setting where agents communicate by sharing learned intermediate representations. We observe that an indistinguishable adversarial message can severely degrade performance, but becomes weaker as the number of benign agents increases. Furthermore, we show that transfer attacks are more difficult in this setting when compared to directly perturbing the inputs, as it is necessary to align the distribution of communication messages with domain adaptation. Finally, we show that low-budget online attacks can be achieved by exploiting the temporal consistency of streaming sensory inputs.