Attack and Defense: Adversarial Security of Data-Driven FDC Systems
IEEE Transactions on Industrial Informatics ( IF 11.7 ) Pub Date : 8-8-2022 , DOI: 10.1109/tii.2022.3197190
Yue Zhuo 1 , Zhenqin Yin 1 , Zhiqiang Ge 1

In modern industries, data-driven fault detection and classification (FDC) systems can efficiently maintain industrial security and stability, while the security of the data-driven FDC system itself is rarely or even never considered. The security problem named adversarial vulnerability is intrinsic to data-driven machine learning models, which give incorrect predictions under maliciously perturbed input data. This paper presents work on this new security topic for data-driven FDC systems by 1) summarizing and comparing various recent and typical adversarial attack and defense methods for fault classifiers; 2) proposing novel attack and defense techniques for unsupervised fault detectors; 3) constructing a novel industrial adversarial security benchmark on FDC systems in the Tennessee-Eastman process (TEP) dataset; 4) exploring and discussing which attack is potentially most threatening for FDC systems and which defense technique is most applicable to mitigate attacks. The results reveal unique security properties of FDC systems, mainly including 1) for fault classifiers, the black-box attack is close in attack strength to white-box FGSM, and the universal transferable attack is not significantly stronger than random noise; 2) weak adversarial training is excellent, with high adversarial accuracy improvement and negligible clean accuracy decrease; 3) fault detectors are intrinsically more robust and can be well protected by strong adversarial training. More intriguing properties and profound insights are demonstrated in the paper. This pioneering work could guide researchers and practitioners in discovering and navigating the field of FDC system adversarial robustness, outlining the research directions and open problems.

Updated: 2024-08-28