Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Analysis and Mitigation of Data injection Attacks against Data-Driven Control

Sribalaji C. Anand

TL;DR

This work analyzes false data injection during the learning phase of data-driven control for a discrete-time LTI plant $x[k+1]=Ax[k]+Bu[k]$ with corrupted sensor data $\tilde{x}[k]=x[k]+a[k]$. It shows a stealthy attack can cause the operator to learn a destabilizing controller with $|ar{\lambda}(A-B\tilde{K})|>1$, and it demonstrates that a constant-bias attack on data-driven LQR can increase the cost $J_a$ beyond the attack-free optimum $J^*$, with degradation growing with system size. The authors propose active defenses (encrypted control, watermarking, moving-target defense) and passive diagnostics (impulse-response checks) and support their claims with numerical examples. The results highlight the importance of securing sensor channels and PE data in data-driven control, particularly for large-scale systems, and point to future work on extending these ideas to nonlinear data-driven control.

Abstract

This paper investigates the impact of false data injection attacks on data-driven control systems. Specifically, we consider an adversary injecting false data into the sensor channels during the learning phase. When the operator seeks to learn a stable state-feedback controller, we propose an attack strategy capable of misleading the operator into learning an unstable feedback gain. We also investigate the effects of constant-bias injection attacks on data-driven linear quadratic regulation (LQR). Finally, we explore potential mitigation strategies and support our findings with numerical examples.

Analysis and Mitigation of Data injection Attacks against Data-Driven Control

TL;DR

This work analyzes false data injection during the learning phase of data-driven control for a discrete-time LTI plant with corrupted sensor data . It shows a stealthy attack can cause the operator to learn a destabilizing controller with , and it demonstrates that a constant-bias attack on data-driven LQR can increase the cost beyond the attack-free optimum , with degradation growing with system size. The authors propose active defenses (encrypted control, watermarking, moving-target defense) and passive diagnostics (impulse-response checks) and support their claims with numerical examples. The results highlight the importance of securing sensor channels and PE data in data-driven control, particularly for large-scale systems, and point to future work on extending these ideas to nonlinear data-driven control.

Abstract

This paper investigates the impact of false data injection attacks on data-driven control systems. Specifically, we consider an adversary injecting false data into the sensor channels during the learning phase. When the operator seeks to learn a stable state-feedback controller, we propose an attack strategy capable of misleading the operator into learning an unstable feedback gain. We also investigate the effects of constant-bias injection attacks on data-driven linear quadratic regulation (LQR). Finally, we explore potential mitigation strategies and support our findings with numerical examples.

Paper Structure

This paper contains 16 sections, 9 theorems, 20 equations, 3 figures.

Table of Contents

  1. Introduction
  2. Problem Formulation
  3. Problem setup
  4. Controller description
  5. Data-driven stabilizing controller design
  6. Data-driven LQ optimal controller design
  7. Adversarial description
  8. Attack policy against data-driven stabilization
  9. Modifying attack policy for stealthiness
  10. Numerical example
  11. Attack policy against data-driven LQ controller
  12. Numerical example
  13. Mitigation Strategy
  14. Mitigating destabilizing adversaries
  15. Mitigating bias injection attacks
  16. ...and 1 more sections

Key Result

Lemma 2.1

Let the input $u_{[0,T]}$ in $\mathcal{D}$ be persistently exciting of order $n+1$, and let $a[k]=0, \forall k \in \mathbb{Z}^+$. Then, any controller of the form stabilizes the closed loop, i.e., $|\bar{\lambda}(A-B{K})| <1$ where $Q \in \mathbb{R}^{T \times n}$ is any matrix that satisfies Here $\tilde{X}_{1,T}$ and $\tilde{X}_{0,T}$ are Hankel matrices generated from the measurements in $\mat

Figures (3)

  • Figure 1: Pictorial respresentation of a NCS under data injection attacks during the learning phase.
  • Figure 2: (Top) PE inputs applied to the plant of length $T=16$ samples. (Middle) Fake measurements are generated by \ref{['eq:NE2']} (Bottom) True measurements from the process \ref{['eq:NE1']}.
  • Figure 3: Box plots depicting the performance degradation when the data-driven controller is subjected to bias injection attacks $a[k]=10$ during the training phase. For any given $n$, the box plot depicts the value of the ratio $\log\left(\frac{J_a}{J^*}\right)$ for $N=100$ different random realisations of the matrix $U$. On each box, the central mark indicates the median, and the bottom and top edges of the box indicate the $25$th and $75$th percentiles, respectively. The whiskers extend to the most extreme data points.

Theorems & Definitions (15)

  • Lemma 2.1
  • Lemma 2.2
  • Definition 3.1
  • Theorem 3.1
  • proof
  • Corollary 3.1.1
  • Theorem 3.2
  • proof
  • Lemma 4.1
  • proof
  • ...and 5 more