The Dark Side of Digital Twins: Adversarial Attacks on AI-Driven Water Forecasting
Mohammadhossein Homaei, Victor Gonzalez Morales, Oscar Mogollon-Gutierrez, Andres Caro
TL;DR
This paper investigates adversarial threats to AI-driven digital twins for water forecasting, focusing on LSTM-based forecasts and AML attacks such as FGSM and PGD. It introduces Learning Automata (LA) and Random Learning Automata (RLA) strategies to craft undetectable and adaptive perturbations that degrade forecast accuracy, with MAE, RMSE, and MAPE used as evaluation metrics; FGSM can push MAPE above 35% at moderate perturbations. The authors also propose mitigation pathways, including adversarial training, anomaly detection, and secure data pipelines, to bolster resilience of DT water systems. The findings underscore the cybersecurity risks in AI-powered water DTs and highlight the need for robust, multi-layer defenses to maintain reliable forecasting and sustainable water management.
Abstract
Digital twins (DTs) are improving water distribution systems by using real-time data, analytics, and prediction models to optimize operations. This paper presents a DT platform designed for a Spanish water supply network, utilizing Long Short-Term Memory (LSTM) networks to predict water consumption. However, machine learning models are vulnerable to adversarial attacks, such as the Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD). These attacks manipulate critical model parameters, injecting subtle distortions that degrade forecasting accuracy. To further exploit these vulnerabilities, we introduce a Learning Automata (LA) and Random LA-based approach that dynamically adjusts perturbations, making adversarial attacks more difficult to detect. Experimental results show that this approach significantly impacts prediction reliability, causing the Mean Absolute Percentage Error (MAPE) to rise from 26% to over 35%. Moreover, adaptive attack strategies amplify this effect, highlighting cybersecurity risks in AI-driven DTs. These findings emphasize the urgent need for robust defenses, including adversarial training, anomaly detection, and secure data pipelines.
