A White-Box Adversarial Attack Against a Digital Twin
This highlights a security risk for Digital Twin implementations in domains like transportation, but it is incremental as it applies known adversarial attack methods to a new context.
The paper tackles the vulnerability of Digital Twins, which use ML/DL models in cyber-physical systems, to adversarial attacks by demonstrating a white-box attack on a vehicular system model, showing it can be easily broken with perturbed inputs.
Recent research has shown that Machine Learning/Deep Learning (ML/DL) models are particularly vulnerable to adversarial perturbations, which are small changes made to the input data in order to fool a machine learning classifier. The Digital Twin, which is typically described as consisting of a physical entity, a virtual counterpart, and the data connections in between, is increasingly being investigated as a means of improving the performance of physical entities by leveraging computational techniques, which are enabled by the virtual counterpart. This paper explores the susceptibility of Digital Twin (DT), a virtual model designed to accurately reflect a physical object using ML/DL classifiers that operate as Cyber Physical Systems (CPS), to adversarial attacks. As a proof of concept, we first formulate a DT of a vehicular system using a deep neural network architecture and then utilize it to launch an adversarial attack. We attack the DT model by perturbing the input to the trained model and show how easily the model can be broken with white-box attacks.