Data Poisoning Attacks on Informativity for Observability: Invariance-Based Synthesis

TL;DR

This paper investigates how small, invertible linear transformations can be used by adversaries to compromise data informativity in control systems, providing methods to construct such attacks and quantify their minimal data distortion.

Contribution

It introduces a constructive attack method and feasibility conditions for embedding malicious states via data transformations in informativity-based control analysis.

Findings

Small structured transformations can invalidate informativity certificates.

The paper derives conditions under which such transformations are feasible.

An optimization problem is formulated to find the minimal data distortion attack.

Abstract

This paper studies cyber attacks against informativity-based analysis in data-driven control. Focusing on strong observability, we consider an adversary who post-processes finite time-series data by an invertible linear transformation acting on the data matrices. We show that such transformations are capable of embedding malicious states into the invariant subspace explained by the transformed dataset. We provide a constructive attack method and derive feasibility conditions that characterize when such transformations exist. Moreover, we formulate an optimization problem to obtain the minimum-norm attack that quantifies the smallest data distortion required to destroy informativity. Numerical examples demonstrate that small and structured transformations can invalidate informativity certificates.