Saved in:
Bibliographic Details
Main Authors: Arnström, Daniel, Teixeira, André M. H.
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2412.01346
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917853501849600
author Arnström, Daniel
Teixeira, André M. H.
author_facet Arnström, Daniel
Teixeira, André M. H.
contents Safety filters ensure that control actions that are executed are always safe, no matter the controller in question. Previous work has proposed a simple and stealthy false-data injection attack for deactivating such safety filters. This attack injects false sensor measurements to bias state estimates toward the interior of a safety region, making the safety filter accept unsafe control actions. The attack does, however, require the adversary to know the dynamics of the system, the safety region used in the safety filter, and the observer gain. In this work we relax these requirements and show how a similar data-injection attack can be performed when the adversary only observes the input and output of the observer that is used by the safety filter, without any a priori knowledge about the system dynamics, safety region, or observer gain. In particular, the adversary uses the observed data to identify a state-space model that describes the observer dynamics, and then approximates a safety region in the identified embedding. We exemplify the data-driven attack on an inverted pendulum, where we show how the attack can make the system leave a safe set, even when a safety filter is supposed to stop this from happening.
format Preprint
id arxiv_https___arxiv_org_abs_2412_01346
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Data-Driven and Stealthy Deactivation of Safety Filters
Arnström, Daniel
Teixeira, André M. H.
Systems and Control
Safety filters ensure that control actions that are executed are always safe, no matter the controller in question. Previous work has proposed a simple and stealthy false-data injection attack for deactivating such safety filters. This attack injects false sensor measurements to bias state estimates toward the interior of a safety region, making the safety filter accept unsafe control actions. The attack does, however, require the adversary to know the dynamics of the system, the safety region used in the safety filter, and the observer gain. In this work we relax these requirements and show how a similar data-injection attack can be performed when the adversary only observes the input and output of the observer that is used by the safety filter, without any a priori knowledge about the system dynamics, safety region, or observer gain. In particular, the adversary uses the observed data to identify a state-space model that describes the observer dynamics, and then approximates a safety region in the identified embedding. We exemplify the data-driven attack on an inverted pendulum, where we show how the attack can make the system leave a safe set, even when a safety filter is supposed to stop this from happening.
title Data-Driven and Stealthy Deactivation of Safety Filters
topic Systems and Control
url https://arxiv.org/abs/2412.01346