A White-Box Adversarial Attack Against a Digital Twin

TL;DR

This paper demonstrates that digital twins powered by ML/DL models are vulnerable to white-box adversarial attacks, highlighting security risks in cyber-physical systems and proposing a method to evaluate their robustness.

Contribution

It introduces a white-box adversarial attack framework specifically targeting digital twins modeled with deep neural networks in cyber-physical systems.

Findings

Digital twin models can be easily compromised with small input perturbations.

White-box attacks are highly effective against ML/DL-based digital twins.

The study highlights the need for robust security measures in digital twin implementations.

Abstract

Recent research has shown that Machine Learning/Deep Learning (ML/DL) models are particularly vulnerable to adversarial perturbations, which are small changes made to the input data in order to fool a machine learning classifier. The Digital Twin, which is typically described as consisting of a physical entity, a virtual counterpart, and the data connections in between, is increasingly being investigated as a means of improving the performance of physical entities by leveraging computational techniques, which are enabled by the virtual counterpart. This paper explores the susceptibility of Digital Twin (DT), a virtual model designed to accurately reflect a physical object using ML/DL classifiers that operate as Cyber Physical Systems (CPS), to adversarial attacks. As a proof of concept, we first formulate a DT of a vehicular system using a deep neural network architecture and then utilize it to launch an adversarial attack. We attack the DT model by perturbing the input to the trained model and show how easily the model can be broken with white-box attacks.