Analysis and Detectability of Offline Data Poisoning Attacks on Linear Dynamical Systems

TL;DR

This paper investigates how data poisoning attacks affect linear dynamical systems, focusing on their detectability and proposing a stealthy attack method that evades classical statistical tests.

Contribution

It introduces a new analysis of poisoning impacts on least-squares estimation in dynamical systems and proposes a novel stealthy attack strategy.

Findings

Stealthy attack can evade classical statistical detection methods.

Conditions identified where true system models remain compatible with poisoned data.

Analysis of different poisoning strategies and their effectiveness.

Abstract

In recent years, there has been a growing interest in the effects of data poisoning attacks on data-driven control methods. Poisoning attacks are well-known to the Machine Learning community, which, however, make use of assumptions, such as cross-sample independence, that in general do not hold for linear dynamical systems. Consequently, these systems require different attack and detection methods than those developed for supervised learning problems in the i.i.d.\ setting. Since most data-driven control algorithms make use of the least-squares estimator, we study how poisoning impacts the least-squares estimate through the lens of statistical testing, and question in what way data poisoning attacks can be detected. We establish under which conditions the set of models compatible with the data includes the true model of the system, and we analyze different poisoning strategies for the attacker. On the basis of the arguments hereby presented, we propose a stealthy data poisoning attack on the least-squares estimator that can escape classical statistical tests, and conclude by showing the efficiency of the proposed attack.