Data and code for "Adversarial Destabilization Attacks to Direct Data-driven Control"

This is a MATLAB code and data for the work [1]."code" folder includes MATLAB codes.Requirements: Control System Toolbox, Parallel Computing Toolbox, cvx"data" folder includes the data described in the manuscript.[1] Hampei Sasahara, "Adversarial Destabilization Attacks to Direct Data-driven Control," submitted to IEEE OJ-CSYS, 2023.Abstract: This paper examines the vulnerability of direct data-driven control to malicious attacks that aim at destabilizing the resulting closed-loop system by introducing a subtle yet sophisticated perturbation into the observed input and output data. An effective attack method called the directed gradient sign method (DGSM) is devised. It build upon the fast gradient sign method (FGSM), which has initially been developed in the context of image classification. DGSM utilizes the gradient of the eigenvalues in the resulting closed-loop system to create a severe perturbation in the direction that deteriorates system's stability. This study demonstrates that the attack can destabilize the system, even when the original closed-loop system designed with the clean data exhibits a considerable stability margin. Remarkably, it is shown that the attack can have a significant impact even when the attacker lacks complete knowledge of the data and hyperparameters in the controller design algorithm. Furthermore, to enhance resilience against such attacks, regularization methods originally developed for dealing with random disturbances are explored. Their effectiveness is verified through numerical experiments. Finally, statistical analysis with randomly generated systems identifies system's features significant to the attack impact.

本数据集包含对应文献[1]的MATLAB代码与配套数据。其中「code」文件夹内含MATLAB代码，运行所需依赖包括：控制系统工具箱（Control System Toolbox）、并行计算工具箱（Parallel Computing Toolbox）以及cvx库。「data」文件夹则收录了论文手稿中提及的实验数据。 [1] Hampei Sasahara, 《针对直接数据驱动控制的对抗性失稳攻击》，已提交至IEEE OJ-CSYS，2023年。 **摘要**：本文研究了直接数据驱动控制（direct data-driven control）的安全性脆弱性：攻击者可通过向观测到的输入输出数据中注入细微且精巧的扰动，使最终形成的闭环系统失稳。本文提出了一种名为定向梯度符号法（Directed Gradient Sign Method, DGSM）的高效攻击手段，该方法基于最初在图像分类场景中提出的快速梯度符号法（Fast Gradient Sign Method, FGSM）。DGSM利用闭环系统特征值的梯度，在破坏系统稳定性的方向上生成强扰动。研究表明，即便使用干净数据设计的原始闭环系统具备可观的稳定裕度，该攻击仍可使系统失稳。值得关注的是，即便攻击者对控制器设计算法中的数据与超参数缺乏完整认知，该攻击仍可产生显著影响。此外，为提升对此类攻击的防御能力，本文探索了原本用于应对随机扰动的正则化方法，并通过数值实验验证了其有效性。最后，本文通过对随机生成系统的统计分析，明确了对攻击效果存在显著影响的系统特征。