On the Necessity of Two-Stage Estimation for Learning Dynamical Systems under Both Noise and Node-Wise Attacks

Jihun Kim, Javad Lavaei

TL;DR

The paper addresses learning a networked linear dynamical system from a single trajectory under persistent noise and node-wise adversarial attacks with probability $p<0.5$. It proves that any convex one-stage estimator cannot consistently recover the true dynamics $\bar{A}$ in this setting, and it introduces a robust two-stage approach: Stage I uses a row-wise $\ell_1$-norm estimator to detect and filter attacked samples, followed by Stage II least-squares on the cleaned data. The authors derive non-asymptotic bounds showing Stage I error scales with $(\sigma_w+)^4$ and the Stage II error decays as $O\bigl(\frac{n}{T}\bigr)^{1/2}\frac{(}{}$ plus a bias term due to misclassifications, with perfect separability ($v_t^{(i)}$ large relative to noise) yielding consistency. The work thus provides the first non-asymptotic guarantees that a two-stage estimation framework is necessary for robust system identification under simultaneous persistent noise and adversarial attacks, with practical implications for filtering-based robustness in distributed networks.

Abstract

The least-squares estimator has achieved considerable success in learning linear dynamical systems from a single trajectory of length $T$. While it attains an optimal error of $\mathcal{O}(1/\sqrt{T})$ under independent zero-mean noise, it lacks robustness and is particularly susceptible to adversarial corruption. In this paper, we consider the identification of a networked system in which every node is subject to both noise and adversarial attacks. We assume that every node is independently corrupted with probability smaller than $0.5$ at each time, placing the overall system under almost-persistent local attack. We first show that no convex one-stage estimator can achieve a consistent estimate as $T$ grows under both noise and attacks. This motivates the development of a two-stage estimation method applied across nodes. In Stage I, we leverage the $\ell_1$-norm estimator and derive an estimation error bound proportional to the noise level $\sigma_w$. This bound is subsequently used to detect and filter out attacks, producing a clean dataset for each node, to which we apply the least-squares estimator in Stage II. The resulting estimation error is on the order $\mathcal{O}(1/\sqrt{T})$ plus the product of $\sigma_w$ and the number of misclassifications. In the event of perfect separability between attack and non-attack data, which occurs when injected attacks are sufficiently large relative to the noise scale, our two-stage estimator is consistent for the true system.
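
The two-stage procedure described in the abstract, as an added simulation that is not the authors' code: a row-wise $\ell_1$ fit, residual thresholding to drop suspected attack samples, then least squares on what remains, compared against plain least squares. The system matrix, the constant-bias attack of size 5, the threshold `tau = 10 * sigma_w`, and the IRLS solver used for the $\ell_1$ problem are all assumptions made for this example.

```python
import numpy as np

def simulate(A, T, p, sigma_w, attack, rng):
    """x_{t+1} = A x_t + w_t + v_t; node i is attacked at time t with prob. p."""
    n = A.shape[0]
    X = np.zeros((T + 1, n))
    hit = rng.random((T, n)) < p                 # per-node, per-step attack mask
    for t in range(T):
        w = sigma_w * rng.standard_normal(n)
        X[t + 1] = A @ X[t] + w + attack * hit[t]
    return X, hit

def l1_row(Z, y, iters=100, eps=1e-4):
    """Stage I for one node: min_a sum_t |y_t - a^T z_t|, solved here by IRLS."""
    a = np.linalg.lstsq(Z, y, rcond=None)[0]
    for _ in range(iters):
        wgt = 1.0 / np.maximum(np.abs(y - Z @ a), eps)
        a = np.linalg.solve(Z.T @ (Z * wgt[:, None]), Z.T @ (wgt * y))
    return a

def two_stage(X, tau):
    """Row-wise l1 fit, drop samples with |residual| > tau, least squares on the rest."""
    Z, Y = X[:-1], X[1:]
    n = X.shape[1]
    A_l1 = np.vstack([l1_row(Z, Y[:, i]) for i in range(n)])
    flagged = np.abs(Y - Z @ A_l1.T) > tau       # Stage I detection, per node
    A_hat = np.vstack([np.linalg.lstsq(Z[~flagged[:, i]], Y[~flagged[:, i], i],
                                       rcond=None)[0] for i in range(n)])
    return A_l1, A_hat, flagged

def run_demo(seed=0):
    rng = np.random.default_rng(seed)
    # Constructed stable system (every row sums to 0.7); not taken from the paper.
    A = np.array([[0.5, 0.2, 0.0], [0.0, 0.4, 0.3], [0.1, 0.0, 0.6]])
    sigma_w = 0.1
    X, hit = simulate(A, T=500, p=0.3, sigma_w=sigma_w, attack=5.0, rng=rng)
    A_ls = np.linalg.lstsq(X[:-1], X[1:], rcond=None)[0].T   # one-stage baseline
    A_l1, A_hat, flagged = two_stage(X, tau=10 * sigma_w)
    err = lambda M: float(np.linalg.norm(M - A))             # Frobenius error
    return {"ls": err(A_ls), "l1": err(A_l1), "two_stage": err(A_hat),
            "detection_accuracy": float(np.mean(flagged == hit))}

if __name__ == "__main__":
    print(run_demo())
```

The attack here is far larger than the noise, so this run is in the regime the abstract calls perfect separability; shrinking `attack` toward `sigma_w` makes the flagged set diverge from the true attack mask and the Stage II error grows with the misclassifications.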

Paper Structure (20 sections, 19 theorems, 120 equations, 1 figure, 2 algorithms)

Key Result

Lemma 3

Under Assumptions as:stability, as:subg, and as:excitation, we have $\mathbb{P}\bigl(\|Zx_t\|_2 \ge \frac{\lambda}{2} \mid \mathcal{F}_{t-1}\bigr)=\Omega\Bigl( \frac{\lambda^4}{(\sigma_w + \sigma_v)^4}\Bigr)$ for all $Z\in\mathbb{R}^{m \times n}$ such that $\|Z\|_F=1$ and $\mathcal{F}_{t-1}$.

Figures (1)

  • Figure 1: (a) The $\ell_1$-norm estimator performs best. (b, c) Two-stage estimation with filtering is effective.

Theorems & Definitions (26)

  • Remark 1: Assumptions
  • Remark 2: Extensions
  • Lemma 3: Lower Bound on State Norms (zhang2024exact)
  • Definition 4: Standard Convex Optimization for System Identification
  • Lemma 5
  • Theorem 6
  • Remark 7
  • Remark 8
  • Theorem 9
  • Corollary 10
  • ...and 16 more