US 12,073,318 B2
Deep reinforcement learning based method for surreptitiously generating signals to fool a recurrent neural network
Michael A. Warren, Northridge, CA (US); Christopher Serrano, Whittier, CA (US); and Pape Sylla, Thousand Oaks, CA (US)
Assigned to HRL LABORATORIES, LLC, Malibu, CA (US)
Filed by HRL Laboratories, LLC, Malibu, CA (US)
Filed on Jul. 23, 2020, as Appl. No. 16/937,503.
Claims priority of provisional application 62/905,106, filed on Sep. 24, 2019.
Prior Publication US 2021/0089891 A1, Mar. 25, 2021
Int. Cl. G06N 20/00 (2019.01); G06N 3/08 (2023.01)
CPC G06N 3/08 (2013.01) [G06N 20/00 (2019.01)]
15 Claims
 
1. An attack system for generating perturbations of input signals to a Target recurrent neural network (RNN) based anomaly detector system configured to receive input sensor signals and produce outputs, the attack system comprising:
one or more processors and a non-transitory computer-readable medium having executable instructions encoded thereon such that when executed, the one or more processors perform operations of:
training a reinforcement learning agent to determine a magnitude of a perturbation with which to attack the Target RNN based anomaly detector system, wherein training the reinforcement learning agent comprises presenting, at each time step, unattacked sensor data comprising a known property to attack to the reinforcement learning agent in temporal order,
wherein the reinforcement learning agent receives time series sensor readings and outputs a set of attack parameters sampled from a probability distribution over a set of perturbation magnitudes;
altering, in real-time, the time series sensor readings with at least one perturbation at the determined magnitude to generate a perturbed input signal, the perturbed input signal being altered so as to prevent the Target RNN based anomaly detector system from correctly predicting a presence of an anomaly;
presenting, in real-time, the perturbed input sensor signal to the Target RNN based anomaly detector system such that the Target RNN based anomaly detector system produces a prediction of a presence of an anomaly in the Target RNN based anomaly detector system; and
using the prediction, identifying a failure of the Target RNN based anomaly detector system based on a failure to correctly predict the presence of the anomaly.