Data Poisoning Attacks on Informativity for Observability: Invariance-Based Synthesis
This work identifies a vulnerability in data-driven control for control theorists and practitioners, but the attack model is restrictive (invertible linear transformations) and the results are incremental.
The paper studies data poisoning attacks that use invertible linear transformations to embed malicious states into invariant subspaces, thereby invalidating informativity certificates for strong observability. The authors provide a constructive attack method and show that small, structured transformations can destroy informativity.
This paper studies cyber attacks against informativity-based analysis in data-driven control. Focusing on strong observability, we consider an adversary who post-processes finite time-series data by an invertible linear transformation acting on the data matrices. We show that such transformations are capable of embedding malicious states into the invariant subspace explained by the transformed dataset. We provide a constructive attack method and derive feasibility conditions that characterize when such transformations exist. Moreover, we formulate an optimization problem to obtain the minimum-norm attack that quantifies the smallest data distortion required to destroy informativity. Numerical examples demonstrate that small and structured transformations can invalidate informativity certificates.