Data Poisoning Attacks Can Systematically Destabilize Data-Driven Control Synthesis
Vijayanand Digge, Martina Vanelli, Ahmad W. Al-Dabbagh, Julien M. Hendrickx, and Gianluca Bianchin

TL;DR
This paper demonstrates that data poisoning attacks can systematically destabilize data-driven control systems by manipulating training data, even without system knowledge, posing significant security risks.
Contribution
It introduces a recursive data-poisoning method that causes destabilization in data-driven control without requiring system or controller details.
Findings
Data poisoning can destabilize control systems without system knowledge.
The proposed attack manipulates data trajectories to induce destabilization.
Simulations confirm effectiveness in noisy and noise-free scenarios.
Abstract
Data-driven control has emerged as a powerful paradigm for synthesizing controllers directly from data, bypassing explicit model identification. However, this reliance on data introduces new and largely unexplored vulnerabilities. In this paper, we show that an attacker can systematically poison the data used for control synthesis, causing any linear state-feedback controller synthesized by the planner to destabilize the physical system. Concerningly, we show that the attacker can achieve this objective without knowledge of the system model or the controller synthesis procedure. To this end, we develop a recursive data-poisoning mechanism that generates falsified state trajectories, inducing a precise geometric shift in the apparent system dynamics. More broadly, our results establish that data-driven control pipelines can be deterministically destabilized by model-agnostic attacks…
