Data-Driven and Stealthy Deactivation of Safety Filters

TL;DR

This paper presents a novel data-driven attack method that can deactivate safety filters in control systems by observing input-output data, without prior knowledge of system details, demonstrated on an inverted pendulum.

Contribution

It introduces a stealthy, data-driven attack approach that relaxes previous knowledge requirements for deactivating safety filters in control systems.

Findings

The attack can cause the system to leave a safe set despite safety filters.

The method identifies system dynamics solely from observed data.

Demonstrated effectiveness on an inverted pendulum example.

Abstract

Safety filters ensure that control actions that are executed are always safe, no matter the controller in question. Previous work has proposed a simple and stealthy false-data injection attack for deactivating such safety filters. This attack injects false sensor measurements to bias state estimates toward the interior of a safety region, making the safety filter accept unsafe control actions. The attack does, however, require the adversary to know the dynamics of the system, the safety region used in the safety filter, and the observer gain. In this work we relax these requirements and show how a similar data-injection attack can be performed when the adversary only observes the input and output of the observer that is used by the safety filter, without any a priori knowledge about the system dynamics, safety region, or observer gain. In particular, the adversary uses the observed data to identify a state-space model that describes the observer dynamics, and then approximates a safety region in the identified embedding. We exemplify the data-driven attack on an inverted pendulum, where we show how the attack can make the system leave a safe set, even when a safety filter is supposed to stop this from happening.