Our method employs gradient inversion to steal the data used by a robot deployed in the private environment for RL algorithms online training. The adversary can reconstruct the state, action, and supervisory signal from the gradient.
First person view.
Bird eye view.
Thrid person view.
Results in AI2THOR: Action, reward, and multi-modal state resonstruction from REINFORCE.
Reconstruction loss of object bounding box
Reconstructed object bounding box
Reconstructed RGB image
Reconstructed depth image
Reconstruction loss of object bounding box
Reconstructed object bounding box
Reconstructed RGB image
Reconstructed depth image
Results in SUN-RGB-D: Action, reward, and multi-modal state reconstruction from DQN.
Reconstruction loss
TV loss
Reconstructed RGB image
Reconstructed depth image
Reconstruction of real-world private rooms.
Results in Carla: reconstruction of video inputs of an SAC agent.
8 frame ground truth
8 frame reconstruction
16 frame ground truth
16 frame reconstruction
BibTeX
@article{li2024rlgi,
title={Your Room is not Private: Gradient Inversion Attack for Deep Q-Learning},
author={Li, Miao and Ding, Wenhao and Zhao, Ding},
journal={arXiv preprint arXiv:2306.09273},
year={2023}
}