Click here to flash read.
In recent years, there has been a growing interest in the effects of data
poisoning attacks on data-driven control methods. Poisoning attacks are
well-known to the Machine Learning community, which, however, make use of
assumptions, such as cross-sample independence, that in general do not hold for
linear dynamical systems. Consequently, these systems require different attack
and detection methods than those developed for supervised learning problems in
the i.i.d.\ setting. Since most data-driven control algorithms make use of the
least-squares estimator, we study how poisoning impacts the least-squares
estimate through the lens of statistical testing, and question in what way data
poisoning attacks can be detected. We establish under which conditions the set
of models compatible with the data includes the true model of the system, and
we analyze different poisoning strategies for the attacker. On the basis of the
arguments hereby presented, we propose a stealthy data poisoning attack on the
least-squares estimator that can escape classical statistical tests, and
conclude by showing the efficiency of the proposed attack.
