Analysis and Detectability of Offline Data Poisoning Attacks on Linear Dynamical Systems
This addresses security vulnerabilities in data-driven control systems, which are critical for applications like autonomous vehicles or industrial automation, but the work is incremental as it builds on existing poisoning concepts adapted to dynamical systems.
The paper tackles the problem of offline data poisoning attacks on linear dynamical systems, which differ from standard machine learning settings due to dependencies in data, and proposes a stealthy attack on the least-squares estimator that evades classical statistical tests, demonstrating its efficiency.
In recent years, there has been a growing interest in the effects of data poisoning attacks on data-driven control methods. Poisoning attacks are well-known to the Machine Learning community, which, however, make use of assumptions, such as cross-sample independence, that in general do not hold for linear dynamical systems. Consequently, these systems require different attack and detection methods than those developed for supervised learning problems in the i.i.d.\ setting. Since most data-driven control algorithms make use of the least-squares estimator, we study how poisoning impacts the least-squares estimate through the lens of statistical testing, and question in what way data poisoning attacks can be detected. We establish under which conditions the set of models compatible with the data includes the true model of the system, and we analyze different poisoning strategies for the attacker. On the basis of the arguments hereby presented, we propose a stealthy data poisoning attack on the least-squares estimator that can escape classical statistical tests, and conclude by showing the efficiency of the proposed attack.