SY · Apr 7

Adversarial Destabilization Attacks to Direct Data-Driven Control

arXiv:2507.14863 · 2.71 citations · h-index: 8
Predicted impact: top 93% in SY (last 90 days) · Originality: incremental advance
AI Analysis

This addresses security risks in data-driven control systems, which is critical for applications like autonomous vehicles or industrial automation, but it is incremental as it adapts existing adversarial machine learning techniques to a new domain.

The study tackled the vulnerability of direct data-driven control, specifically in the LQR problem, to adversarial perturbations in offline data, showing that imperceptibly small perturbations can cause instability, while proposed defenses reduced attack success rates with minimal performance loss.

This study explores the vulnerability of direct data-driven control, particularly in the linear quadratic regulator (LQR) problem, to adversarial perturbations in offline-collected data. We focus on stealthy attacks that subtly alter training data to destabilize the closed-loop system while evading detection. To craft such attacks, we propose the Directed Gradient Sign Method (DGSM) and its iterative variant (I-DGSM), which adapt techniques from adversarial machine learning to align perturbations with the gradient of the closed-loop spectral radius. A key technical contribution is an efficient and exact gradient computation method using implicit differentiation through the Karush-Kuhn-Tucker conditions of the underlying semidefinite program. For defense, we introduce two strategies: (i) regularization to reduce controller sensitivity, and (ii) robust data-driven control that ensures stability under bounded perturbations. Experiments across benchmark systems reveal that even imperceptibly small perturbations, up to ten times smaller than random noise, can lead to instability, while the proposed defenses significantly reduce attack success rates with minimal performance loss. We also assess transferability under partial knowledge, demonstrating the importance of protecting training data. This work highlights critical security risks in data-driven control and proposes practical methods for both attack and defense.
