Adversarial Tradeoffs in Robust State Estimation

TL;DR

This paper investigates the fundamental tradeoff between robustness to adversarial perturbations and estimation accuracy in state estimation, specifically developing a framework for adversarially robust Kalman filtering and analyzing its theoretical properties.

Contribution

It introduces a novel adversarially robust Kalman filtering problem, providing exact perturbation characterization, algorithms, and bounds linking robustness to control-theoretic system properties.

Findings

Exact adversarial perturbation characterization in Kalman filtering.

Algorithms for computing worst-case adversarial perturbations.

Bounds relating robustness to spectral properties of the system.

Abstract

Adversarially robust training has been shown to reduce the susceptibility of learned models to targeted input data perturbations. However, it has also been observed that such adversarially robust models suffer a degradation in accuracy when applied to unperturbed data sets, leading to a robustness-accuracy tradeoff. Inspired by recent progress in the adversarial machine learning literature which characterize such tradeoffs in simple settings, we develop tools to quantitatively study the performance-robustness tradeoff between nominal and robust state estimation. In particular, we define and analyze a novel $\textit{adversarially robust Kalman Filtering problem}$. We show that in contrast to most problem instances in adversarial machine learning, we can precisely derive the adversarial perturbation in the Kalman Filtering setting. We provide an algorithm to find this perturbation given data realizations, and develop upper and lower bounds on the adversarial state estimation error in terms of the standard (non-adversarial) estimation error and the spectral properties of the resulting observer. Through these results, we show a natural connection between a filter's robustness to adversarial perturbation and underlying control theoretic properties of the system being observed, namely the spectral properties of its observability gramian.