I am interested in Trustworthy AI for multi-agent reinforcement learning (MARL). My research goal is to make reinforcement learning safe and robust, including practical adversarial attacks on RL/MARL and adversarial defenses. Many of my works on robust MARL are tested on real-world robot swarms.
I am moving towards the research direction of reinforcement learning from human feedback (RLHF). I am working on game-theoretic methods to improve the capability and trustworthiness of RLHF.
Now my research mainly includes:
Robust MARL
Trustworthy RLHF
I previously worked on trustworthy AI for computer vision, including digital world attacks for privacy protection and evaluating the naturalness of physical world attacks. Apart from trustworthy AI, I am lucky to work with prominent researchers in various fields, including complex networks, human-computer interaction, robotics, time series forecasting, smart transportation and microelectronics. They have greatly broadened my view and allowed me to think in a multidisciplinary way.
News
[2024.02] One co-authored paper on collision avoidance submitted to RAL 2024
[2024.02] One first-authored paper on robust regularization for MARL submitted to ICML 2024
[2024.01] One first-authored paper on defending against Byzantine adversaries in MARL accepted by ICLR 2024
[2024.01] Two co-authored papers on robotics submitted to IJCAI 2024
[2024.01] One co-authored paper on partial symmetry for MARL accepted by AAAI 2024
[2023.09] One first-authored paper on adversarial attack against MARL submitted to IEEE TCYB
[2022.11] One first-authored paper on naturalness of physical world adversarial attack accepted by CVPR 2023
[2022.12] One co-authored paper on algorithmic testing accepted by Artificial Intelligence Security (In Chinese).
[2022.12] One co-authored survey on RL robustness accepted by Chinese Journal of Computers (In Chinese, top journal in China, CCF-A).
[2022.07] One first-authored paper on privacy protection of fingerprints submitted to IEEE TIP (currently under minor revision).
[2022.04] One co-authored paper on robustness testing of MARL accepted by CVPR 2022 workshop.
We study the robustness of MARL against Byzantine action perturbations by formulating it as a Bayesian game. We provide a rigorous formulation of this problem and an algorithm with strong empirical performance.
We prove that minimizing mutual information as a regularization term is minimizing a lower bound of robustness in MARL under all potential threat scenarios.
We propose the first adversarial policy attack for c-MARL, which is strong and practical. Our attack provides the first demonstration that adversarial policy is effective against real-world robot swarms.
Towards Benchmarking and Assessing Visual Naturalness of Physical World Adversarial Attacks
Simin Li, Shuning Zhang, Gujun Chen, Dong Wang, Pu Feng, Jiakai Wang, Aishan Liu, Xin Yi, Xianglong Liu.
Accepted by CVPR, 2023
pdf / Project page
We take the first step to evaluate the naturalness of physical world adversarial examples with a human-oriented approach. We collect the first dataset with human naturalness ratings and human gaze, unveil insights into how contextual and behavioral features affect attack naturalness, and propose an algorithm to automatically evaluate naturalness by aligning human behavior and algorithm prediction.
Submitted to IEEE TIP (IF=10.86), currently under minor revision
pdf / Project page
While billions of people are sharing their daily life images on social media every day, hackers can easily steal fingerprints from the shared images. We leverage adversarial attacks to protect against such privacy leakage, such that hackers cannot extract fingerprints even if they get the shared images on social media. Our method, FingerSafe, is strong for protection and natural for daily use.
We propose a testing framework to evaluate the robustness of multi-agent reinforcement learning (MARL) algorithms from the aspects of observation, action and reward. Our work first points out that state-of-the-art MARL algorithms, including QMIX and MAPPO, are non-robust in multiple aspects, and points out the urgent need to test and enhance the robustness of MARL algorithms.
Symmetry has been used in MARL as a prior to incorporate domain knowledge in the environment, which enhances sample efficiency and performance. In this paper, we extend symmetry to partial symmetry that considers uncertainties in environments with non-uniform fields, including uneven terrain, wind, etc.
Symmetries are everywhere in the real world, yet current MARL algorithms are agnostic of such symmetry by design. We extend the idea of symmetry to the temporal domain, proposing a spatial-temporal symmetry network, which adds a stronger inductive bias during network training.
Many MARL tasks specify certain goal states where special rewards are granted. The optimal policy in such tasks could be characterized by Lyapunov stability, where the policy asymptotically converges to the goal states from any initial state, making the goal states stable equilibria. We formulate such a process as a Lyapunov Markov game, and prove it facilitates the training process to find a stable suboptimal policy more easily and then converge to an optimal policy more efficiently.
SPF-RL: Multi-robots Collision Avoidance with Soft Potential Field informed reinforcement learning
Pu Feng, Xin Yu, Wenjun Wu, Yongkai Tian, Junkang Liang, Simin Li.
Submitted to RAL, 2024.
Motivated by soft potential field theory, we propose an algorithm to avoid collisions in robot swarms.
A Survey on Adversarial Attacks and Defenses for Deep Reinforcement Learning (in Chinese)
Aishan Liu, Jun Guo, Simin Li, Yisong Xiao, Xianglong Liu, Dacheng Tao.
Accepted by Chinese Journal of Computers (计算机学报, top journal in China, CCF-A), 2023.
We provide a comprehensive survey of attacks and defenses for deep reinforcement learning. We first analyze adversarial attacks from the perspectives of state-based, reward-based and action-based attacks. Then, we illustrate adversarial defenses from adversarial training, adversarial detection, certified robustness and robust learning. Finally, we investigate interesting topics including adversaries for good and model robustness understanding for DRL, and highlight open issues and future challenges in this field.
Simulation Platform and Verification for Adversarial Multi-Agent Reinforcement Learning in Unmanned Aerial Vehicle Swarms (in Chinese)
Shuangcheng Liu, Simin Li (corresponding author), Hainan Li, Jingqiao Xiu, Aishan Liu, Xianglong Liu.
Accepted by Journal of Cybersecurity (网络空间安全科学学报, Chinese journal on AI security), 2023.
We provide an AirSim-based unmanned aerial vehicle (UAV) simulator. Based on this simulator, we identify several critical adversarial attacks in multi-UAV combat.
Behavioral Dynamics and Safety Monitoring Methods for Intelligent Systems (in Chinese)
Simin Li, Jiakai Wang, Aishan Liu, Xianglong Liu.
Accepted by Journal of Cybersecurity (网络空间安全科学学报, Chinese journal on AI security), 2023.
We advocate research on behavioral dynamics, which provides both microscopic and macroscopic understanding of adversarial vulnerability. We argue that combining the research of network science and game theory with AI safety could potentially benefit the understanding of micro information transmission and macro agent-wise interaction.
Theories and methods for full life cycle intelligent systems security testing
Jiakai Wang, Aishan Liu, Simin Li, Xianglong Liu, Wenjun Wu.
Accepted by Artificial Intelligence Security (智能安全, Chinese journal on AI security), 2023.
We present our recent insights on testing the security of an intelligent system across its full life cycle, including vulnerabilities in model training, testing and deployment and their testing techniques. We offer insights on safety standards and safety testing platforms, and sketch our method for security evaluation of autonomous driving.