Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Adversarial Attacks and Defenses in Fault Detection and Diagnosis: A Comprehensive Benchmark on the Tennessee Eastman Process

Vitaliy Pozdnyakov, Aleksandr Kovalenko, Ilya Makarov, Mikhail Drobyshevskiy, Kirill Lukyanov

TL;DR

The paper addresses the vulnerability of neural network–based Fault Detection and Diagnosis (FDD) in Automated Control Systems to adversarial attacks, benchmarking six attack types on TE Process data using three architectures. It surveys attack/defense methods, formalizes the FDD problem with time-series windows, and demonstrates that many defenses degrade performance on clean data. The key contribution is a combined defense strategy—adversarial training on quantized data—that improves robustness across attacks while maintaining reasonable diagnostic accuracy, alongside an assessment of defensive autoencoders as a promising avenue. The work has practical implications for secure ML deployment in industrial ACS by balancing robustness against perturbations with reliable fault diagnosis, and it highlights avenues for further research on universal defenses and advanced autoencoder designs.

Abstract

Integrating machine learning into Automated Control Systems (ACS) enhances decision-making in industrial process management. One of the limitations to the widespread adoption of these technologies in industry is the vulnerability of neural networks to adversarial attacks. This study explores the threats in deploying deep learning models for fault diagnosis in ACS using the Tennessee Eastman Process dataset. By evaluating three neural networks with different architectures, we subject them to six types of adversarial attacks and explore five different defense methods. Our results highlight the strong vulnerability of models to adversarial samples and the varying effectiveness of defense strategies. We also propose a novel protection approach by combining multiple defense methods and demonstrate it's efficacy. This research contributes several insights into securing machine learning within ACS, ensuring robust fault diagnosis in industrial processes.

Adversarial Attacks and Defenses in Fault Detection and Diagnosis: A Comprehensive Benchmark on the Tennessee Eastman Process

TL;DR

The paper addresses the vulnerability of neural network–based Fault Detection and Diagnosis (FDD) in Automated Control Systems to adversarial attacks, benchmarking six attack types on TE Process data using three architectures. It surveys attack/defense methods, formalizes the FDD problem with time-series windows, and demonstrates that many defenses degrade performance on clean data. The key contribution is a combined defense strategy—adversarial training on quantized data—that improves robustness across attacks while maintaining reasonable diagnostic accuracy, alongside an assessment of defensive autoencoders as a promising avenue. The work has practical implications for secure ML deployment in industrial ACS by balancing robustness against perturbations with reliable fault diagnosis, and it highlights avenues for further research on universal defenses and advanced autoencoder designs.

Abstract

Integrating machine learning into Automated Control Systems (ACS) enhances decision-making in industrial process management. One of the limitations to the widespread adoption of these technologies in industry is the vulnerability of neural networks to adversarial attacks. This study explores the threats in deploying deep learning models for fault diagnosis in ACS using the Tennessee Eastman Process dataset. By evaluating three neural networks with different architectures, we subject them to six types of adversarial attacks and explore five different defense methods. Our results highlight the strong vulnerability of models to adversarial samples and the varying effectiveness of defense strategies. We also propose a novel protection approach by combining multiple defense methods and demonstrate it's efficacy. This research contributes several insights into securing machine learning within ACS, ensuring robust fault diagnosis in industrial processes.
Paper Structure (35 sections, 11 equations, 7 figures, 8 tables)

This paper contains 35 sections, 11 equations, 7 figures, 8 tables.

Table of Contents

  1. Introduction
  2. Review
  3. Classification of attacks on machine learning models
  4. Most common methods of attack and defense
  5. Interactions among defense methods
  6. Summary of the review
  7. Methods
  8. Fault diagnosis methods
  9. Adversarial attacks
  10. Random Noise
  11. Fast Gradient Sign Method (FGSM)
  12. FGSM Distillation
  13. Projected Gradient Descent (PGD)
  14. DeepFool
  15. Carlini and Wagner (C&W)
  16. ...and 20 more sections

Figures (7)

  • Figure 1: Accuracy drop of unprotected models under six different types of attacks depending on the strength of an attack $\epsilon$.
  • Figure 2: Accuracy of the TCN model protected by adversarial training with different settings: a) training on FGSM samples with fixed $\epsilon = 0.1$; b) training on FGSM samples with set of $\epsilon$ values from the range (0, 0.3); c) training on PGD samples with fixed $\epsilon = 0.1$; d) training on PGD samples with set of $\epsilon$ values from the range (0, 0.3).
  • Figure 3: Accuracy of the TCN model protected by autoencoder: a) model was trained on the original data; b) model was trained on the data obtained at the output of autoencoder.
  • Figure 4: Accuracy of the TCN model protected by quantization: a) model is under FGSM attack and $n$ indicates the number of discrete values during the quantization process ($2^n$); b) model is protected by quantization with $n=5$ under six types of attacks.
  • Figure 5: Accuracy of the TCN model protected by: a) regularization defense method; b) distillation defense method.
  • ...and 2 more figures