The prominence of embodied Artificial Intelligence (AI), which empowers robots to navigate, perceive, and engage within virtual environments, has attracted significant attention, owing to the remarkable advancements in computer vision and large language models. Privacy emerges as a pivotal concern within the realm of embodied AI, as robots access substantial personal information. However, the issue of privacy leakage in embodied AI tasks, particularly in relation to decision-making algorithms, has not received adequate consideration in research. This paper aims to address this gap by proposing an attack on the Deep Q-Learning algorithm, utilizing gradient inversion to reconstruct states, actions, and Q-values. The choice of using gradients for the attack is motivated by the fact that commonly employed federated learning techniques solely utilize gradients computed based on private user data to optimize models, without storing or transmitting the data to public servers. Nevertheless, these gradients contain sufficient information to potentially expose private data. To validate our approach, we conduct experiments on the AI2THOR simulator and evaluate our algorithm on active perception, a prevalent task in embodied AI. The experimental results convincingly demonstrate the effectiveness of our method in successfully recovering all information from the data across all 120 room layouts.
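The claim that gradients alone carry enough information to expose private data can be checked on the smallest possible case: a single linear Q-head trained with a one-sample squared TD loss. This is an added illustration, not the paper's gradient-inversion method; the model, the loss, the function names and all values are constructed assumptions.

```python
# Added illustration: what one shared gradient of a linear Q-head reveals.
# Model, loss and data are constructed; this is not the paper's algorithm.
import random

def q_values(W, b, s):
    """Q(s) = W s + b, one value per action."""
    return [sum(w * x for w, x in zip(row, s)) + bi for row, bi in zip(W, b)]

def td_gradient(W, b, s, a, target):
    """Client side: gradient of (Q(s)[a] - target)^2 with respect to W and b."""
    err = 2.0 * (q_values(W, b, s)[a] - target)
    gW = [[err * x if i == a else 0.0 for x in s] for i in range(len(W))]
    gb = [err if i == a else 0.0 for i in range(len(b))]
    return gW, gb

def leaked_from_gradient(W, b, gW, gb, eps=1e-12):
    """Audit side: what a holder of the model and (gW, gb) can read off."""
    rows = [i for i, g in enumerate(gb) if abs(g) > eps]
    if len(rows) != 1:
        # Zero TD error or a mixed update: this simple check cannot decide.
        return None
    a = rows[0]                          # only the taken action's row is non-zero
    s = [g / gb[a] for g in gW[a]]       # gW[a] = err * s and gb[a] = err
    return s, a, q_values(W, b, s)       # Q-values follow from the known model

def demo():
    rng = random.Random(0)
    n_actions, dim = 4, 6
    W = [[rng.uniform(-1, 1) for _ in range(dim)] for _ in range(n_actions)]
    b = [rng.uniform(-1, 1) for _ in range(n_actions)]
    s = [rng.uniform(0, 1) for _ in range(dim)]   # constructed private state
    a = 2                                         # constructed private action
    gW, gb = td_gradient(W, b, s, a, target=1.5)
    return s, a, q_values(W, b, s), leaked_from_gradient(W, b, gW, gb)

if __name__ == "__main__":
    s, a, q, leaked = demo()
    print("private  :", [round(x, 4) for x in s], a)
    print("recovered:", [round(x, 4) for x in leaked[0]], leaked[1])
```

In this toy setting the state, action and Q-values are all recoverable exactly from one gradient, which is why transmitting raw per-sample gradients does not by itself keep the underlying data private.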