Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

On the Detection of Shared Data Manipulation in Distributed Optimization

Mohannad Alkhraijah, Rachel Harris, Samuel Litchfield, David Huggins, Daniel K. Molzahn

TL;DR

The paper addresses the vulnerability of ADMM-based distributed OPF to shared-data manipulation and proposes a dual defense: a rigorously derived analytical detection condition and an adversarially trained neural network detector. It introduces three attack models (simple, PID-based feedback, and bilevel MILP) and demonstrates that the detection condition can flag most manipulations, though bilevel attacks with embedded detectors can evade simple defenses. To counter advanced evasion, the authors propose an adversarial training framework where the NN detector is continually trained on bilevel-embedded attacks, achieving near-perfect detection in tested scenarios. Overall, the work enhances detection guarantees and demonstrates practical methods to secure distributed optimization in power systems, while acknowledging computational and scalability challenges for large-scale deployments.

Abstract

This paper investigates the vulnerability of the Alternating Direction Method of Multipliers (ADMM) algorithm to shared data manipulation, with a focus on solving optimal power flow (OPF) problems. Deliberate data manipulation may cause the ADMM algorithm to converge to suboptimal solutions. We derive a sufficient condition for detecting data manipulation based on the theoretical convergence trajectory of the ADMM algorithm. We evaluate the performance of the detection condition on three data manipulation strategies with various levels of complexity and stealth. The simplest attack sends the target values and each iteration, the second attack uses a feedback loop to find the next target values, and the last attack uses a bilevel optimization to find the target values. We then extend the three data manipulation strategies to avoid detection by the detection conditions and a neural network (NN) detection model. We also propose an adversarial NN training framework to detect shared data manipulation. We illustrate the performance of our data manipulation strategy and detection framework on OPF problems. The results show that the proposed detection condition successfully detects most of the data manipulation attacks. However, the bilevel optimization attack strategy that incorporates the detection methods may avoid being detected. Countering this, our proposed adversarial training framework detects all the instances of the bilevel optimization attack.

On the Detection of Shared Data Manipulation in Distributed Optimization

TL;DR

The paper addresses the vulnerability of ADMM-based distributed OPF to shared-data manipulation and proposes a dual defense: a rigorously derived analytical detection condition and an adversarially trained neural network detector. It introduces three attack models (simple, PID-based feedback, and bilevel MILP) and demonstrates that the detection condition can flag most manipulations, though bilevel attacks with embedded detectors can evade simple defenses. To counter advanced evasion, the authors propose an adversarial training framework where the NN detector is continually trained on bilevel-embedded attacks, achieving near-perfect detection in tested scenarios. Overall, the work enhances detection guarantees and demonstrates practical methods to secure distributed optimization in power systems, while acknowledging computational and scalability challenges for large-scale deployments.

Abstract

This paper investigates the vulnerability of the Alternating Direction Method of Multipliers (ADMM) algorithm to shared data manipulation, with a focus on solving optimal power flow (OPF) problems. Deliberate data manipulation may cause the ADMM algorithm to converge to suboptimal solutions. We derive a sufficient condition for detecting data manipulation based on the theoretical convergence trajectory of the ADMM algorithm. We evaluate the performance of the detection condition on three data manipulation strategies with various levels of complexity and stealth. The simplest attack sends the target values and each iteration, the second attack uses a feedback loop to find the next target values, and the last attack uses a bilevel optimization to find the target values. We then extend the three data manipulation strategies to avoid detection by the detection conditions and a neural network (NN) detection model. We also propose an adversarial NN training framework to detect shared data manipulation. We illustrate the performance of our data manipulation strategy and detection framework on OPF problems. The results show that the proposed detection condition successfully detects most of the data manipulation attacks. However, the bilevel optimization attack strategy that incorporates the detection methods may avoid being detected. Countering this, our proposed adversarial training framework detects all the instances of the bilevel optimization attack.
Paper Structure (26 sections, 1 theorem, 20 equations, 4 figures, 3 tables)

This paper contains 26 sections, 1 theorem, 20 equations, 4 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Contributions
  4. Organization
  5. Background
  6. Optimal Power Flow
  7. Alternating Direction Method of Multipliers
  8. General Form
  9. Consensus Problem
  10. Detection Condition for Anomalous Shared Data
  11. Data Manipulation with Embedded Detection Models
  12. Data Manipulation Strategies
  13. Simple Attacker Model
  14. Feedback Attacker Model
  15. Bilevel Attacker Model
  16. ...and 11 more sections

Key Result

Proposition 1

Let $x^k$ and $z^k$ be the iterate $k$ solutions of the ADMM algorithm eq:admm and the problem satisfies assumptions 1 and 2. Define $\hat{z}^k = 2 B z^k - B z^{k-1} - c$. If $(x^{k+1} + A^{-1} \hat{z}^k)^\mathsf{T} A^\mathsf{T} A (x^{k+1} - x^k) \geq \epsilon$ for any $k\geq 1$ and small $\epsilon\

Figures (4)

  • Figure 1: The attacker's logic when using the bilevel model. The attacker selects a starting iteration. Before starting the attack, the attacker solves normal ADMM subproblems \ref{['eq:consensus_admm']}. After starting the attack, the attacker shares manipulated data obtained by solving the bilevel problem \ref{['eq:bilevel']}.
  • Figure 2: $ReLU(x) = \max\{0,x\}$ with binary variable $\phi\in \{0,1\}$, where $\phi = 1$ indicates the inactive red region and $\phi = 0$ the active green region.
  • Figure 3: Adversarial training framework flowchart consisting of two stages: (1) initial training in steps 2 and 3, and (2) adversarial training in step 4.
  • Figure 4: Success rate of the bilevel attack with embedded detection methods over the adversarial training iterations. The blue line indicates the result of the bilevel attack with an embedded neural network (NN) and the red line with an embedded neural network and the detection condition (NN+DC).

Theorems & Definitions (2)

  • Proposition : Sufficient Detection Condition
  • proof