ConAML: Constrained Adversarial Machine Learning for Cyber-Physical Systems

Li, Jiangnan; Yang, Yingyuan; Sun, Jianhua; Tomsovic, Kevin; Qi, Hairong

doi:10.48550/arxiv.2003.05631

Cited by 10 publications

(16 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, if the vanilla attacker in Section VI-A sets the factor α to a small value, the resulted false measurements will have a high probability to bypass the DNN's detection. In this paper, we note the attacker can generate his/her adversarial perturbations based on multiple padding cases to increase their transferability and finally bypass the random padding system, as used in [57] and [20]. However, generating transferable perturbations will affect the attack performance, such as the valid L 2 -Norm, and increase labor and resources of the attacker [20].…”

Section: Discussion and Future Workmentioning

confidence: 99%

“…Tian et al extended [16] and proposed an adaptive normalized attack for power system ML applications [18]. [20] proposed constrained adversarial machine learning in CPS applications, and demonstrated an attacker can generate adversarial examples that meet the intrinsic constraints defined by physical systems, such as the residual-based detection in state estimation.…”

Section: B Adversarial Attacksmentioning

confidence: 99%

“…As shown by Line 9 in Algorithm 1, the attacker projects the adversarial perturbation to the solution space of the constraint matrix. In this paper, we employ the dependent variable scheme in [20] to implement the projection. Given the constraint matrix B', we first obtain the corresponding independent variable index I, dependent variable index D, and their dependency matrix B.…”

Section: Adversarial Attack Algorithmmentioning

confidence: 99%

“…By adding well-crafted perturbations to the DNN's input, the attacker can deceive the DNN to output wrong decisions. Recent research has shown that such attacks are also effective on power system applications [16]- [19], including DNN-based FDIA detection [20] and state estimation [21]. Therefore, the risks of adversarial attacks need to be considered and more robust DNNs that are resilient to adversarial attacks should be proposed for FDIA detection in power system state estimation.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Towards Adversarial-Resilient Deep Neural Networks for False Data Injection Attack Detection in Power Grids

Li¹,

Yang²,

Sun³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

False data injection attack (FDIA) is a critical security issue in power system state estimation. In recent years, machine learning (ML) techniques, especially deep neural networks (DNNs), have been proposed in the literature for FDIA detection. However, they have not considered the risk of adversarial attacks, which were shown to be threatening to DNN's reliability in different ML applications. In this paper, we evaluate the vulnerability of DNNs used for FDIA detection through adversarial attacks and study the defensive approaches. We analyze several representative adversarial defense mechanisms and demonstrate that they have intrinsic limitations in FDIA detection. We then design an adversarial-resilient DNN detection framework for FDIA by introducing random input padding in both the training and inference phases. Extensive simulations based on an IEEE standard power system show that our framework greatly reduces the effectiveness of adversarial attacks while having little impact on the detection performance of the DNNs.

show abstract

Section: Discussion and Future Workmentioning

confidence: 99%

Section: B Adversarial Attacksmentioning

confidence: 99%

Section: Adversarial Attack Algorithmmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards Adversarial-Resilient Deep Neural Networks for False Data Injection Attack Detection in Power Grids

Li¹,

Yang²,

Sun³

et al. 2021

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…By adding well-crafted perturbations to the legitimate inputs, the attacker is able to deceive the well-trained ML models to output the wrong classification results. In addition, the adversarial attacks are also shown to be effective in power systems applications [14]- [16]. As the ML approaches become popular in detecting energy theft, the threat from adversarial attacks need to be investigated to prevent potential financial losses.…”

Section: Introductionmentioning

confidence: 99%

SearchFromFree: Adversarial Measurements for Machine Learning-based Energy Theft Detection

Yang

Sun

2020

Preprint

Self Cite

View full text Add to dashboard Cite

Energy theft causes large economic losses to utility companies around the world. In recent years, energy theft detection approaches based on machine learning (ML) techniques, especially neural networks, are becoming popular in the research community and shown to achieve state-of-the-art detection performance. However, in this work, we demonstrate that the well-trained ML models for energy theft detection are highly vulnerable to adversarial attacks. In particular, we design an adversarial measurement generation approach that enables the attacker to report extremely low power consumption measurements to utilities while bypassing the ML energy theft detection. We evaluate our approach with three kinds of neural networks based on a real-world smart meter dataset. The evaluation results demonstrate that our approach is able to significantly decrease the ML models' detection accuracy, even for black-box attackers.

show abstract