Search

Your search keyword '"Niu, Luyao"' showing total 157 results
Start Over Author "Niu, Luyao"
157 results on '"Niu, Luyao"'

1. CleanGen: Mitigating Backdoor Attacks for Generation Tasks in Large Language Models

Author

Li, Yuetai, Xu, Zhangchen, Jiang, Fengqing, Niu, Luyao, Sahabandu, Dinuka, Ramasubramanian, Bhaskar, and Poovendran, Radha

Subjects
Computer Science - Artificial Intelligence, Computer Science - Cryptography and Security
Abstract

The remarkable performance of large language models (LLMs) in generation tasks has enabled practitioners to leverage publicly available models to power custom applications, such as chatbots and virtual assistants. However, the data used to train or fine-tune these LLMs is often undisclosed, allowing an attacker to compromise the data and inject backdoors into the models. In this paper, we develop a novel inference time defense, named CleanGen, to mitigate backdoor attacks for generation tasks in LLMs. CleanGenis a lightweight and effective decoding strategy that is compatible with the state-of-the-art (SOTA) LLMs. Our insight behind CleanGen is that compared to other LLMs, backdoored LLMs assign significantly higher probabilities to tokens representing the attacker-desired contents. These discrepancies in token probabilities enable CleanGen to identify suspicious tokens favored by the attacker and replace them with tokens generated by another LLM that is not compromised by the same attacker, thereby avoiding generation of attacker-desired content. We evaluate CleanGen against five SOTA backdoor attacks. Our results show that CleanGen achieves lower attack success rates (ASR) compared to five SOTA baseline defenses for all five backdoor attacks. Moreover, LLMs deploying CleanGen maintain helpfulness in their responses when serving benign user queries with minimal added computational overhead.

Published
2024

2. ChatBug: A Common Vulnerability of Aligned LLMs Induced by Chat Templates

Author

Jiang, Fengqing, Xu, Zhangchen, Niu, Luyao, Lin, Bill Yuchen, and Poovendran, Radha

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Machine Learning
Abstract

Large language models (LLMs) are expected to follow instructions from users and engage in conversations. Techniques to enhance LLMs' instruction-following capabilities typically fine-tune them using data structured according to a predefined chat template. Although chat templates are shown to be effective in optimizing LLM performance, their impact on safety alignment of LLMs has been less understood, which is crucial for deploying LLMs safely at scale. In this paper, we investigate how chat templates affect safety alignment of LLMs. We identify a common vulnerability, named ChatBug, that is introduced by chat templates. Our key insight to identify ChatBug is that the chat templates provide a rigid format that need to be followed by LLMs, but not by users. Hence, a malicious user may not necessarily follow the chat template when prompting LLMs. Instead, malicious users could leverage their knowledge of the chat template and accordingly craft their prompts to bypass safety alignments of LLMs. We develop two attacks to exploit the ChatBug vulnerability. We demonstrate that a malicious user can exploit the ChatBug vulnerability of eight state-of-the-art (SOTA) LLMs and effectively elicit unintended responses from these models. Moreover, we show that ChatBug can be exploited by existing jailbreak attacks to enhance their attack success rates. We investigate potential countermeasures to ChatBug. Our results show that while adversarial training effectively mitigates the ChatBug vulnerability, the victim model incurs significant performance degradation. These results highlight the trade-off between safety alignment and helpfulness. Developing new methods for instruction tuning to balance this trade-off is an open and critical direction for future research

Published
2024

3. Magpie: Alignment Data Synthesis from Scratch by Prompting Aligned LLMs with Nothing

Author

Xu, Zhangchen, Jiang, Fengqing, Niu, Luyao, Deng, Yuntian, Poovendran, Radha, Choi, Yejin, and Lin, Bill Yuchen

Subjects
Computer Science - Computation and Language, Computer Science - Artificial Intelligence
Abstract

High-quality instruction data is critical for aligning large language models (LLMs). Although some models, such as Llama-3-Instruct, have open weights, their alignment data remain private, which hinders the democratization of AI. High human labor costs and a limited, predefined scope for prompting prevent existing open-source data creation methods from scaling effectively, potentially limiting the diversity and quality of public alignment datasets. Is it possible to synthesize high-quality instruction data at scale by extracting it directly from an aligned LLM? We present a self-synthesis method for generating large-scale alignment data named Magpie. Our key observation is that aligned LLMs like Llama-3-Instruct can generate a user query when we input only the left-side templates up to the position reserved for user messages, thanks to their auto-regressive nature. We use this method to prompt Llama-3-Instruct and generate 4 million instructions along with their corresponding responses. We perform a comprehensive analysis of the extracted data and select 300K high-quality instances. To compare Magpie data with other public instruction datasets, we fine-tune Llama-3-8B-Base with each dataset and evaluate the performance of the fine-tuned models. Our results indicate that in some tasks, models fine-tuned with Magpie perform comparably to the official Llama-3-8B-Instruct, despite the latter being enhanced with 10 million data points through supervised fine-tuning (SFT) and subsequent feedback learning. We also show that using Magpie solely for SFT can surpass the performance of previous public datasets utilized for both SFT and preference optimization, such as direct preference optimization with UltraFeedback. This advantage is evident on alignment benchmarks such as AlpacaEval, ArenaHard, and WildBench., Comment: Link: https://magpie-align.github.io/

Published
2024

4. ACE: A Model Poisoning Attack on Contribution Evaluation Methods in Federated Learning

Author

Xu, Zhangchen, Jiang, Fengqing, Niu, Luyao, Jia, Jinyuan, Li, Bo, and Poovendran, Radha

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Machine Learning
Abstract

In Federated Learning (FL), a set of clients collaboratively train a machine learning model (called global model) without sharing their local training data. The local training data of clients is typically non-i.i.d. and heterogeneous, resulting in varying contributions from individual clients to the final performance of the global model. In response, many contribution evaluation methods were proposed, where the server could evaluate the contribution made by each client and incentivize the high-contributing clients to sustain their long-term participation in FL. Existing studies mainly focus on developing new metrics or algorithms to better measure the contribution of each client. However, the security of contribution evaluation methods of FL operating in adversarial environments is largely unexplored. In this paper, we propose the first model poisoning attack on contribution evaluation methods in FL, termed ACE. Specifically, we show that any malicious client utilizing ACE could manipulate the parameters of its local model such that it is evaluated to have a high contribution by the server, even when its local training data is indeed of low quality. We perform both theoretical analysis and empirical evaluations of ACE. Theoretically, we show our design of ACE can effectively boost the malicious client's perceived contribution when the server employs the widely-used cosine distance metric to measure contribution. Empirically, our results show ACE effectively and efficiently deceive five state-of-the-art contribution evaluation methods. In addition, ACE preserves the accuracy of the final global models on testing inputs. We also explore six countermeasures to defend ACE. Our results show they are inadequate to thwart ACE, highlighting the urgent need for new defenses to safeguard the contribution evaluation methods in FL., Comment: To appear in the 33rd USENIX Security Symposium, 2024

Published
2024

5. PlanGPT: Enhancing Urban Planning with Tailored Language Model and Efficient Retrieval

Author

Zhu, He, Zhang, Wenjia, Huang, Nuoxian, Li, Boyang, Niu, Luyao, Fan, Zipei, Lun, Tianle, Tao, Yicheng, Su, Junyou, Gong, Zhaoya, Fang, Chenyu, and Liu, Xing

Subjects
Computer Science - Computation and Language
Abstract

In the field of urban planning, general-purpose large language models often struggle to meet the specific needs of planners. Tasks like generating urban planning texts, retrieving related information, and evaluating planning documents pose unique challenges. To enhance the efficiency of urban professionals and overcome these obstacles, we introduce PlanGPT, the first specialized Large Language Model tailored for urban and spatial planning. Developed through collaborative efforts with institutions like the Chinese Academy of Urban Planning, PlanGPT leverages a customized local database retrieval framework, domain-specific fine-tuning of base models, and advanced tooling capabilities. Empirical tests demonstrate that PlanGPT has achieved advanced performance, delivering responses of superior quality precisely tailored to the intricacies of urban planning.

Published
2024

6. Fault Tolerant Neural Control Barrier Functions for Robotic Systems under Sensor Faults and Attacks

Author

Zhang, Hongchao, Niu, Luyao, Clark, Andrew, and Poovendran, Radha

Subjects
Computer Science - Robotics, Computer Science - Artificial Intelligence, Electrical Engineering and Systems Science - Systems and Control
Abstract

Safety is a fundamental requirement of many robotic systems. Control barrier function (CBF)-based approaches have been proposed to guarantee the safety of robotic systems. However, the effectiveness of these approaches highly relies on the choice of CBFs. Inspired by the universal approximation power of neural networks, there is a growing trend toward representing CBFs using neural networks, leading to the notion of neural CBFs (NCBFs). Current NCBFs, however, are trained and deployed in benign environments, making them ineffective for scenarios where robotic systems experience sensor faults and attacks. In this paper, we study safety-critical control synthesis for robotic systems under sensor faults and attacks. Our main contribution is the development and synthesis of a new class of CBFs that we term fault tolerant neural control barrier function (FT-NCBF). We derive the necessary and sufficient conditions for FT-NCBFs to guarantee safety, and develop a data-driven method to learn FT-NCBFs by minimizing a loss function constructed using the derived conditions. Using the learned FT-NCBF, we synthesize a control input and formally prove the safety guarantee provided by our approach. We demonstrate our proposed approach using two case studies: obstacle avoidance problem for an autonomous mobile robot and spacecraft rendezvous problem, with code available via https://github.com/HongchaoZhang-HZ/FTNCBF.

Published
2024

7. ArtPrompt: ASCII Art-based Jailbreak Attacks against Aligned LLMs

Author

Jiang, Fengqing, Xu, Zhangchen, Niu, Luyao, Xiang, Zhen, Ramasubramanian, Bhaskar, Li, Bo, and Poovendran, Radha

Subjects
Computer Science - Computation and Language, Computer Science - Artificial Intelligence
Abstract

Safety is critical to the usage of large language models (LLMs). Multiple techniques such as data filtering and supervised fine-tuning have been developed to strengthen LLM safety. However, currently known techniques presume that corpora used for safety alignment of LLMs are solely interpreted by semantics. This assumption, however, does not hold in real-world applications, which leads to severe vulnerabilities in LLMs. For example, users of forums often use ASCII art, a form of text-based art, to convey image information. In this paper, we propose a novel ASCII art-based jailbreak attack and introduce a comprehensive benchmark Vision-in-Text Challenge (ViTC) to evaluate the capabilities of LLMs in recognizing prompts that cannot be solely interpreted by semantics. We show that five SOTA LLMs (GPT-3.5, GPT-4, Gemini, Claude, and Llama2) struggle to recognize prompts provided in the form of ASCII art. Based on this observation, we develop the jailbreak attack ArtPrompt, which leverages the poor performance of LLMs in recognizing ASCII art to bypass safety measures and elicit undesired behaviors from LLMs. ArtPrompt only requires black-box access to the victim LLMs, making it a practical attack. We evaluate ArtPrompt on five SOTA LLMs, and show that ArtPrompt can effectively and efficiently induce undesired behaviors from all five LLMs. Our code is available at https://github.com/uw-nsl/ArtPrompt., Comment: To appear in ACL 2024

Published
2024

8. SafeDecoding: Defending against Jailbreak Attacks via Safety-Aware Decoding

Author

Xu, Zhangchen, Jiang, Fengqing, Niu, Luyao, Jia, Jinyuan, Lin, Bill Yuchen, and Poovendran, Radha

Subjects
Computer Science - Cryptography and Security, Computer Science - Artificial Intelligence, Computer Science - Computation and Language
Abstract

As large language models (LLMs) become increasingly integrated into real-world applications such as code generation and chatbot assistance, extensive efforts have been made to align LLM behavior with human values, including safety. Jailbreak attacks, aiming to provoke unintended and unsafe behaviors from LLMs, remain a significant/leading LLM safety threat. In this paper, we aim to defend LLMs against jailbreak attacks by introducing SafeDecoding, a safety-aware decoding strategy for LLMs to generate helpful and harmless responses to user queries. Our insight in developing SafeDecoding is based on the observation that, even though probabilities of tokens representing harmful contents outweigh those representing harmless responses, safety disclaimers still appear among the top tokens after sorting tokens by probability in descending order. This allows us to mitigate jailbreak attacks by identifying safety disclaimers and amplifying their token probabilities, while simultaneously attenuating the probabilities of token sequences that are aligned with the objectives of jailbreak attacks. We perform extensive experiments on five LLMs using six state-of-the-art jailbreak attacks and four benchmark datasets. Our results show that SafeDecoding significantly reduces the attack success rate and harmfulness of jailbreak attacks without compromising the helpfulness of responses to benign user queries. SafeDecoding outperforms six defense methods., Comment: To appear in ACL 2024

Published
2024

9. Game of Trojans: Adaptive Adversaries Against Output-based Trojaned-Model Detectors

Author

Sahabandu, Dinuka, Xu, Xiaojun, Rajabi, Arezoo, Niu, Luyao, Ramasubramanian, Bhaskar, Li, Bo, and Poovendran, Radha

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

We propose and analyze an adaptive adversary that can retrain a Trojaned DNN and is also aware of SOTA output-based Trojaned model detectors. We show that such an adversary can ensure (1) high accuracy on both trigger-embedded and clean samples and (2) bypass detection. Our approach is based on an observation that the high dimensionality of the DNN parameters provides sufficient degrees of freedom to simultaneously achieve these objectives. We also enable SOTA detectors to be adaptive by allowing retraining to recalibrate their parameters, thus modeling a co-evolution of parameters of a Trojaned model and detectors. We then show that this co-evolution can be modeled as an iterative game, and prove that the resulting (optimal) solution of this interactive game leads to the adversary successfully achieving the above objectives. In addition, we provide a greedy algorithm for the adversary to select a minimum number of input samples for embedding triggers. We show that for cross-entropy or log-likelihood loss functions used by the DNNs, the greedy algorithm provides provable guarantees on the needed number of trigger-embedded input samples. Extensive experiments on four diverse datasets -- MNIST, CIFAR-10, CIFAR-100, and SpeechCommand -- reveal that the adversary effectively evades four SOTA output-based Trojaned model detectors: MNTD, NeuralCleanse, STRIP, and TABOR.

Published
2024

10. Brave: Byzantine-Resilient and Privacy-Preserving Peer-to-Peer Federated Learning

Author

Xu, Zhangchen, Jiang, Fengqing, Niu, Luyao, Jia, Jinyuan, and Poovendran, Radha

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Distributed, Parallel, and Cluster Computing
Abstract

Federated learning (FL) enables multiple participants to train a global machine learning model without sharing their private training data. Peer-to-peer (P2P) FL advances existing centralized FL paradigms by eliminating the server that aggregates local models from participants and then updates the global model. However, P2P FL is vulnerable to (i) honest-but-curious participants whose objective is to infer private training data of other participants, and (ii) Byzantine participants who can transmit arbitrarily manipulated local models to corrupt the learning process. P2P FL schemes that simultaneously guarantee Byzantine resilience and preserve privacy have been less studied. In this paper, we develop Brave, a protocol that ensures Byzantine Resilience And privacy-preserving property for P2P FL in the presence of both types of adversaries. We show that Brave preserves privacy by establishing that any honest-but-curious adversary cannot infer other participants' private data by observing their models. We further prove that Brave is Byzantine-resilient, which guarantees that all benign participants converge to an identical model that deviates from a global model trained without Byzantine adversaries by a bounded distance. We evaluate Brave against three state-of-the-art adversaries on a P2P FL for image classification tasks on benchmark datasets CIFAR10 and MNIST. Our results show that the global model learned with Brave in the presence of adversaries achieves comparable classification accuracy to a global model trained in the absence of any adversary.

Published
2024

11. MDTD: A Multi Domain Trojan Detector for Deep Neural Networks

Author

Rajabi, Arezoo, Asokraj, Surudhi, Jiang, Fengqing, Niu, Luyao, Ramasubramanian, Bhaskar, Ritcey, Jim, and Poovendran, Radha

Subjects
Computer Science - Cryptography and Security, Computer Science - Machine Learning
Abstract

Machine learning models that use deep neural networks (DNNs) are vulnerable to backdoor attacks. An adversary carrying out a backdoor attack embeds a predefined perturbation called a trigger into a small subset of input samples and trains the DNN such that the presence of the trigger in the input results in an adversary-desired output class. Such adversarial retraining however needs to ensure that outputs for inputs without the trigger remain unaffected and provide high classification accuracy on clean samples. In this paper, we propose MDTD, a Multi-Domain Trojan Detector for DNNs, which detects inputs containing a Trojan trigger at testing time. MDTD does not require knowledge of trigger-embedding strategy of the attacker and can be applied to a pre-trained DNN model with image, audio, or graph-based inputs. MDTD leverages an insight that input samples containing a Trojan trigger are located relatively farther away from a decision boundary than clean samples. MDTD estimates the distance to a decision boundary using adversarial learning methods and uses this distance to infer whether a test-time input sample is Trojaned or not. We evaluate MDTD against state-of-the-art Trojan detection methods across five widely used image-based datasets: CIFAR100, CIFAR10, GTSRB, SVHN, and Flowers102; four graph-based datasets: AIDS, WinMal, Toxicant, and COLLAB; and the SpeechCommand audio dataset. MDTD effectively identifies samples that contain different types of Trojan triggers. We evaluate MDTD against adaptive attacks where an adversary trains a robust DNN to increase (decrease) distance of benign (Trojan) inputs from a decision boundary., Comment: Accepted to ACM Conference on Computer and Communications Security (ACM CCS) 2023

Published
2023

12. A Compositional Resilience Index for Computationally Efficient Safety Analysis of Interconnected Systems

Author

Niu, Luyao, Maruf, Abdullah Al, Clark, Andrew, Mertoguno, J. Sukarno, and Poovendran, Radha

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

Interconnected systems such as power systems and chemical processes are often required to satisfy safety properties in the presence of faults and attacks. Verifying safety of these systems, however, is computationally challenging due to nonlinear dynamics, high dimensionality, and combinatorial number of possible faults and attacks that can be incurred by the subsystems interconnected within the network. In this paper, we develop a compositional resilience index to verify safety properties of interconnected systems under faults and attacks. The resilience index is a tuple serving the following two purposes. First, it quantifies how a safety property is impacted when a subsystem is compromised by faults and attacks. Second, the resilience index characterizes the needed behavior of a subsystem during normal operations to ensure safety violations will not occur when future adverse events occur. We develop a set of sufficient conditions on the dynamics of each subsystem to satisfy its safety constraint, and leverage these conditions to formulate an optimization program to compute the resilience index. When multiple subsystems are interconnected and their resilience indices are given, we show that the safety constraints of the interconnected system can be efficiently verified by solving a system of linear inequalities. We demonstrate our developed resilience index using a numerical case study on chemical reactors connected in series.

Published
2023

13. Risk-Aware Distributed Multi-Agent Reinforcement Learning

Author

Maruf, Abdullah Al, Niu, Luyao, Ramasubramanian, Bhaskar, Clark, Andrew, and Poovendran, Radha

Subjects
Computer Science - Artificial Intelligence, Computer Science - Multiagent Systems, Electrical Engineering and Systems Science - Systems and Control
Abstract

Autonomous cyber and cyber-physical systems need to perform decision-making, learning, and control in unknown environments. Such decision-making can be sensitive to multiple factors, including modeling errors, changes in costs, and impacts of events in the tails of probability distributions. Although multi-agent reinforcement learning (MARL) provides a framework for learning behaviors through repeated interactions with the environment by minimizing an average cost, it will not be adequate to overcome the above challenges. In this paper, we develop a distributed MARL approach to solve decision-making problems in unknown environments by learning risk-aware actions. We use the conditional value-at-risk (CVaR) to characterize the cost function that is being minimized, and define a Bellman operator to characterize the value function associated to a given state-action pair. We prove that this operator satisfies a contraction property, and that it converges to the optimal value function. We then propose a distributed MARL algorithm called the CVaR QD-Learning algorithm, and establish that value functions of individual agents reaches consensus. We identify several challenges that arise in the implementation of the CVaR QD-Learning algorithm, and present solutions to overcome these. We evaluate the CVaR QD-Learning algorithm through simulations, and demonstrate the effect of a risk parameter on value functions at consensus.

Published
2023

14. A Hybrid Submodular Optimization Approach to Controlled Islanding with Post-Disturbance Stability Guarantees

Author

Niu, Luyao, Sahanbandu, Dinuka, Clark, Andrew, and Poovendran, Radha

Subjects
Mathematics - Optimization and Control, Electrical Engineering and Systems Science - Signal Processing, Electrical Engineering and Systems Science - Systems and Control
Abstract

Disturbances may create cascading failures in power systems and lead to widespread blackouts. Controlled islanding is an effective approach to mitigate cascading failures by partitioning the power system into a set of disjoint islands. To retain the stability of the power system following disturbances, the islanding strategy should not only be minimally disruptive, but also guarantee post-disturbance stability. In this paper, we study the problem of synthesizing post-disturbance stability-aware controlled islanding strategies. To ensure post-disturbance stability, our computation of islanding strategies takes load-generation balance and transmission line capacity constraints into consideration, leading to a hybrid optimization problem with both discrete and continuous variables. To mitigate the computational challenge incurred when solving the hybrid optimization program, we propose the concepts of hybrid submodularity and hybrid matroid. We show that the islanding problem is equivalent to a hybrid matroid optimization program, whose objective function is hybrid supermodular. Leveraging the supermodularity property, we develop an efficient local search algorithm and show that the proposed algorithm achieves 1/2-optimality guarantee. We compare our approach with a baseline using mixed-integer linear program on IEEE 118-bus, IEEE 300-bus, ActivSg 500-bus, and Polish 2383-bus systems. Our results show that our approach outperforms the baseline in terms of the total cost incurred during islanding across all test cases. Furthermore, our proposed approach can find an islanding strategy for large-scale test cases such as Polish 2383-bus system, whereas the baseline approach becomes intractable.

Published
2023
Full Text
View/download PDF

15. LDL: A Defense for Label-Based Membership Inference Attacks

Author

Rajabi, Arezoo, Sahabandu, Dinuka, Niu, Luyao, Ramasubramanian, Bhaskar, and Poovendran, Radha

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security
Abstract

The data used to train deep neural network (DNN) models in applications such as healthcare and finance typically contain sensitive information. A DNN model may suffer from overfitting. Overfitted models have been shown to be susceptible to query-based attacks such as membership inference attacks (MIAs). MIAs aim to determine whether a sample belongs to the dataset used to train a classifier (members) or not (nonmembers). Recently, a new class of label based MIAs (LAB MIAs) was proposed, where an adversary was only required to have knowledge of predicted labels of samples. Developing a defense against an adversary carrying out a LAB MIA on DNN models that cannot be retrained remains an open problem. We present LDL, a light weight defense against LAB MIAs. LDL works by constructing a high-dimensional sphere around queried samples such that the model decision is unchanged for (noisy) variants of the sample within the sphere. This sphere of label-invariance creates ambiguity and prevents a querying adversary from correctly determining whether a sample is a member or a nonmember. We analytically characterize the success rate of an adversary carrying out a LAB MIA when LDL is deployed, and show that the formulation is consistent with experimental observations. We evaluate LDL on seven datasets -- CIFAR-10, CIFAR-100, GTSRB, Face, Purchase, Location, and Texas -- with varying sizes of training data. All of these datasets have been used by SOTA LAB MIAs. Our experiments demonstrate that LDL reduces the success rate of an adversary carrying out a LAB MIA in each case. We empirically compare LDL with defenses against LAB MIAs that require retraining of DNN models, and show that LDL performs favorably despite not needing to retrain the DNNs., Comment: to appear in ACM ASIA Conference on Computer and Communications Security (ACM ASIACCS 2023)

Published
2022

16. A Timing-Based Framework for Designing Resilient Cyber-Physical Systems under Safety Constraint

Author

Maruf, Abdullah Al, Niu, Luyao, Clark, Andrew, Mertoguno, J. Sukarno, and Poovendran, Radha

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

Cyber-physical systems (CPS) are required to satisfy safety constraints in various application domains such as robotics, industrial manufacturing systems, and power systems. Faults and cyber attacks have been shown to cause safety violations, which can damage the system and endanger human lives. Resilient architectures have been proposed to ensure safety of CPS under such faults and attacks via methodologies including redundancy and restarting from safe operating conditions. The existing resilient architectures for CPS utilize different mechanisms to guarantee safety, and currently there is no approach to compare them. Moreover, the analysis and design undertaken for CPS employing one architecture is not readily extendable to another. In this paper, we propose a timing-based framework for CPS employing various resilient architectures and develop a common methodology for safety analysis and computation of control policies and design parameters. Using the insight that the cyber subsystem operates in one out of a finite number of statuses, we first develop a hybrid system model that captures CPS adopting any of these architectures. Based on the hybrid system, we formulate the problem of joint computation of control policies and associated timing parameters for CPS to satisfy a given safety constraint and derive sufficient conditions for the solution. Utilizing the derived conditions, we provide an algorithm to compute control policies and timing parameters relevant to the employed architecture. We also note that our solution can be applied to a wide class of CPS with polynomial dynamics and also allows incorporation of new architectures. We verify our proposed framework by performing a case study on adaptive cruise control of vehicles.

Published
2022

17. Abstraction-Free Control Synthesis to Satisfy Temporal Logic Constraints under Sensor Faults and Attacks

Author

Niu, Luyao, Li, Zhouchi, and Clark, Andrew

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

We study the problem of synthesizing a controller to satisfy a complex task in the presence of sensor faults and attacks. We model the task using Gaussian distribution temporal logic (GDTL), and propose a solution approach that does not rely on computing any finite abstraction to model the system. We decompose the GDTL specification into a sequence of reach-avoid sub-tasks. We develop a class of fault-tolerant finite time convergence control barrier functions (CBFs) to guarantee that a dynamical system reaches a set within finite time almost surely in the presence of malicious attacks. We use the fault-tolerant finite time convergence CBFs to guarantee the satisfaction of `reach' property. We ensure `avoid' part in each sub-task using fault-tolerant zeroing CBFs. These fault-tolerant CBFs formulate a set of linear constraints on the control input for each sub-task. We prove that if the error incurred by system state estimation is bounded by a certain threshold, then our synthesized controller fulfills each reach-avoid sub-task almost surely for any possible sensor fault and attack, and thus the GDTL specification is satisfied with probability one. We demonstrate our proposed approach using a numerical study on the coordination of two wheeled mobile robots.

Published
2022

18. Barrier Certificate based Safe Control for LiDAR-based Systems under Sensor Faults and Attacks

Author

Zhang, Hongchao, Cheng, Shiyu, Niu, Luyao, and Clark, Andrew

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

Autonomous Cyber-Physical Systems (CPS) fuse proprioceptive sensors such as GPS and exteroceptive sensors including Light Detection and Ranging (LiDAR) and cameras for state estimation and environmental observation. It has been shown that both types of sensors can be compromised by malicious attacks, leading to unacceptable safety violations. We study the problem of safety-critical control of a LiDAR-based system under sensor faults and attacks. We propose a framework consisting of fault tolerant estimation and fault tolerant control. The former reconstructs a LiDAR scan with state estimations, and excludes the possible faulty estimations that are not aligned with LiDAR measurements. We also verify the correctness of LiDAR scans by comparing them with the reconstructed ones and removing the possibly compromised sector in the scan. Fault tolerant control computes a control signal with the remaining estimations at each time step. We prove that the synthesized control input guarantees system safety using control barrier certificates. We validate our proposed framework using a UAV delivery system in an urban environment. We show that our proposed approach guarantees safety for the UAV whereas a baseline fails.

Published
2022

19. Game of Trojans: A Submodular Byzantine Approach

Author

Sahabandu, Dinuka, Rajabi, Arezoo, Niu, Luyao, Li, Bo, Ramasubramanian, Bhaskar, and Poovendran, Radha

Subjects
Computer Science - Machine Learning, Computer Science - Cryptography and Security, Computer Science - Computer Science and Game Theory
Abstract

Machine learning models in the wild have been shown to be vulnerable to Trojan attacks during training. Although many detection mechanisms have been proposed, strong adaptive attackers have been shown to be effective against them. In this paper, we aim to answer the questions considering an intelligent and adaptive adversary: (i) What is the minimal amount of instances required to be Trojaned by a strong attacker? and (ii) Is it possible for such an attacker to bypass strong detection mechanisms? We provide an analytical characterization of adversarial capability and strategic interactions between the adversary and detection mechanism that take place in such models. We characterize adversary capability in terms of the fraction of the input dataset that can be embedded with a Trojan trigger. We show that the loss function has a submodular structure, which leads to the design of computationally efficient algorithms to determine this fraction with provable bounds on optimality. We propose a Submodular Trojan algorithm to determine the minimal fraction of samples to inject a Trojan trigger. To evade detection of the Trojaned model, we model strategic interactions between the adversary and Trojan detection mechanism as a two-player game. We show that the adversary wins the game with probability one, thus bypassing detection. We establish this by proving that output probability distributions of a Trojan model and a clean model are identical when following the Min-Max (MM) Trojan algorithm. We perform extensive evaluations of our algorithms on MNIST, CIFAR-10, and EuroSAT datasets. The results show that (i) with Submodular Trojan algorithm, the adversary needs to embed a Trojan trigger into a very small fraction of samples to achieve high accuracy on both Trojan and clean samples, and (ii) the MM Trojan algorithm yields a trained Trojan model that evades detection with probability 1., Comment: Submitted to GameSec 2022

Published
2022

20. Practice and Reflection on Diabetes Community Management Model from the Perspective of Value Co-creation

Author

NIU Luyao, YING Xinyu, ZHANG Shuqin, AN Zhixin, JI Jingya, LIU Yuehua, GAO Yuexia

Subjects
diabetes mellitus, chronic disease management, value-co-creation, community health services, review, Medicine
Abstract

China is one of the countries with the fastest growing prevalence of diabetes in the world, and also has the largest number of people with diabetes. The "Health China 2030" plan clearly proposes to further prevent and control major diseases, implement diabetes prevention and control, and guide patients with diabetes to strengthen health management and delay or prevent the development of diabetes. In the past 20 years, value co-creation theory has been well developed in the field of health services, and different countries (regions) have explored programs to prevent and control diabetes at low cost and high effectiveness, but it is currently lacking in the field of chronic disease management in China. Based on the perspective of value co-creation, this paper further summarizes the domestic and international experience of chronic disease management taking community as the research and analysis point, proposes the prospect from four aspects of active health, organizational guidance, digital technology, and incentive assessment, which provides references for optimizing and improving the service system of diabetes management at primary health care, establishing a model of collaborative participation of multiple subjects in community chronic disease management based on value co-creation, and realizing co-creation, co-management and sharing of chronic disease management.

Published
2024
Full Text
View/download PDF

21. An Analytical Framework for Control Synthesis of Cyber-Physical Systems with Safety Guarantee

Author

Niu, Luyao, Maruf, Abdullah Al, Clark, Andrew, Mertoguno, J. Sukarno, and Poovendran, Radha

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

Cyber-physical systems (CPS) are required to operate safely under fault and malicious attacks. The simplex architecture and the recently proposed cyber resilient architectures, e.g., Byzantine fault tolerant++ (BFT++), provide safety for CPS under faults and malicious cyber attacks, respectively. However, these existing architectures make use of different timing parameters and implementations to provide safety, and are seemingly unrelated. In this paper, we propose an analytical framework to represent the simplex, BFT++ and other practical cyber resilient architectures (CRAs). We construct a hybrid system that models CPS adopting any of these architectures. We derive sufficient conditions via our proposed framework under which a control policy is guaranteed to be safe. We present an algorithm to synthesize the control policy. We validate the proposed framework using a case study on lateral control of a Boeing 747, and demonstrate that our proposed approach ensures safety of the system.

Published
2022

22. A Compositional Approach to Safety-Critical Resilient Control for Systems with Coupled Dynamics

Author

Maruf, Abdullah Al, Niu, Luyao, Clark, Andrew, Mertoguno, J. Sukarno, and Poovendran, Radha

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

Complex, interconnected Cyber-physical Systems (CPS) are increasingly common in applications including smart grids and transportation. Ensuring safety of interconnected systems whose dynamics are coupled is challenging because the effects of faults and attacks in one sub-system can propagate to other sub-systems and lead to safety violations. In this paper, we study the problem of safety-critical control for CPS with coupled dynamics when some sub-systems are subject to failure or attack. We first propose resilient-safety indices (RSIs) for the faulty or compromised sub-systems that bound the worst-case impacts of faulty or compromised sub-systems on a set of specified safety constraints. By incorporating the RSIs, we provide a sufficient condition for the synthesis of control policies in each failure- and attack- free sub-systems. The synthesized control policies compensate for the impacts of the faulty or compromised sub-systems to guarantee safety. We formulate sum-of-square optimization programs to compute the RSIs and the safety-ensuring control policies. We present a case study that applies our proposed approach on the temperature regulation of three coupled rooms. The case study demonstrates that control policies obtained using our algorithm guarantee system's safety constraints.

Published
2022

24. Safety-Critical Control Synthesis for Unknown Sampled-Data Systems via Control Barrier Functions

Author

Niu, Luyao, Zhang, Hongchao, and Clark, Andrew

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

As the complexity of control systems increases, safety becomes an increasingly important property since safety violations can damage the plant and put the system operator in danger. When the system dynamics are unknown, safety-critical synthesis becomes more challenging. Additionally, modern systems are controlled digitally and hence behave as sampled-data systems, i.e., the system dynamics evolve continuously while the control input is applied at discrete time steps. In this paper, we study the problem of control synthesis for safety-critical sampled-data systems with unknown dynamics. We overcome the challenges introduced by sampled-data implementation and unknown dynamics by constructing a set of control barrier function (CBF)-based constraints. By satisfying the constructed CBF constraint at each sampling time, we guarantee the unknown sampled-data system is safe for all time. We formulate a non-convex program to solve for the control signal at each sampling time. We decompose the non-convex program into two convex sub-problems. We illustrate the proposed approach using a numerical case study.

Published
2021

25. A Game-Theoretic Framework for Controlled Islanding in the Presence of Adversaries

Author

Niu, Luyao, Sahabandu, Dinuka, Clark, Andrew, and Poovendran, Radha

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

Controlled islanding effectively mitigates cascading failures by partitioning the power system into a set of disjoint islands. In this paper, we study the controlled islanding problem of a power system under disturbances introduced by a malicious adversary. We formulate the interaction between the grid operator and adversary using a game-theoretic framework. The grid operator first computes a controlled islanding strategy, along with the power generation for the post-islanding system to guarantee stability. The adversary observes the strategies of the grid operator. The adversary then identifies critical substations of the power system to compromise and trips the transmission lines that are connected with compromised substations. For our game formulation, we propose a double oracle algorithm based approach that solves the best response for each player. We show that the best responses for the grid operator and adversary can be formulated as mixed integer linear programs. In addition, the best response of the adversary is equivalent to a submodular maximization problem under a cardinality constraint, which can be approximated up to a $(1-\frac{1}{e})$ optimality bound in polynomial time. We compare the proposed approach with a baseline where the grid operator computes an islanding strategy by minimizing the power flow disruption without considering the possible response from the adversary. We evaluate both approaches using IEEE 9-bus, 14-bus, 30-bus, 39-bus, 57-bus, and 118-bus power system case study data. Our proposed approach achieves better performance than the baseline in about $44\%$ of test cases, and on average it incurs about 12.27 MW less power flow disruption.

Published
2021

26. Reinforcement Learning Beyond Expectation

Author

Ramasubramanian, Bhaskar, Niu, Luyao, Clark, Andrew, and Poovendran, Radha

Subjects
Computer Science - Machine Learning, Computer Science - Artificial Intelligence, Electrical Engineering and Systems Science - Systems and Control, Mathematics - Optimization and Control
Abstract

The inputs and preferences of human users are important considerations in situations where these users interact with autonomous cyber or cyber-physical systems. In these scenarios, one is often interested in aligning behaviors of the system with the preferences of one or more human users. Cumulative prospect theory (CPT) is a paradigm that has been empirically shown to model a tendency of humans to view gains and losses differently. In this paper, we consider a setting where an autonomous agent has to learn behaviors in an unknown environment. In traditional reinforcement learning, these behaviors are learned through repeated interactions with the environment by optimizing an expected utility. In order to endow the agent with the ability to closely mimic the behavior of human users, we optimize a CPT-based cost. We introduce the notion of the CPT-value of an action taken in a state, and establish the convergence of an iterative dynamic programming-based approach to estimate this quantity. We develop two algorithms to enable agents to learn policies to optimize the CPT-vale, and evaluate these algorithms in environments where a target state has to be reached while avoiding obstacles. We demonstrate that behaviors of the agent learned using these algorithms are better aligned with that of a human user who might be placed in the same environment, and is significantly improved over a baseline that optimizes an expected utility.

Published
2021

27. Scalable Planning in Multi-Agent MDPs

Author

Sahabandu, Dinuka, Niu, Luyao, Clark, Andrew, and Poovendran, Radha

Subjects
Computer Science - Multiagent Systems
Abstract

Multi-agent Markov Decision Processes (MMDPs) arise in a variety of applications including target tracking, control of multi-robot swarms, and multiplayer games. A key challenge in MMDPs occurs when the state and action spaces grow exponentially in the number of agents, making computation of an optimal policy computationally intractable for medium- to large-scale problems. One property that has been exploited to mitigate this complexity is transition independence, in which each agent's transition probabilities are independent of the states and actions of other agents. Transition independence enables factorization of the MMDP and computation of local agent policies but does not hold for arbitrary MMDPs. In this paper, we propose an approximate transition dependence property, called $\delta$-transition dependence and develop a metric for quantifying how far an MMDP deviates from transition independence. Our definition of $\delta$-transition dependence recovers transition independence as a special case when $\delta$ is zero. We develop a polynomial time algorithm in the number of agents that achieves a provable bound on the global optimum when the reward functions are monotone increasing and submodular in the agent actions. We evaluate our approach on two case studies, namely, multi-robot control and multi-agent patrolling example.

Published
2021

29. LQG Reference Tracking with Safety and Reachability Guarantees under Unknown False Data Injection Attacks

Author

Li, Zhouchi, Niu, Luyao, and Clark, Andrew

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

We investigate a linear quadratic Gaussian (LQG) tracking problem with safety and reachability constraints in the presence of an adversary who mounts an FDI attack on an unknown set of sensors. For each possible set of compromised sensors, we maintain a state estimator disregarding the sensors in that set, and calculate the optimal LQG control input at each time based on this estimate. We propose a control policy which constrains the control input to lie within a fixed distance of the optimal control input corresponding to each state estimate. The control input is obtained at each time step by solving a quadratically constrained quadratic program (QCQP). We prove that our policy can achieve a desired probability of safety and reachability using the barrier certificate method. Our control policy is evaluated via a numerical case study., Comment: 13 pages, 4 figures, extended version of a Transactions on Automatic Control paper

Published
2021
Full Text
View/download PDF

30. Control Barrier Functions for Abstraction-Free Control Synthesis under Temporal Logic Constraints

Author

Niu, Luyao and Clark, Andrew

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

Temporal logic has been widely used to express complex task specifications for cyber-physical systems (CPSs). One way to synthesize a controller for CPS under temporal logic constraints is to first abstract the CPS as a discrete transition system, and then apply formal methods. This approach, however, is computationally demanding and its scalability suffers due to the curse of dimensionality. In this paper, we propose a control barrier function (CBF) approach to abstraction-free control synthesis under a linear temporal logic (LTL) constraint. We first construct the deterministic Rabin automaton of the specification and compute an accepting run. We then compute a sequence of LTL formulae, each of which must be satisfied during a particular time interval, and prove that satisfying the sequence of formulae is sufficient to satisfy the LTL specification. Finally, we compute a control policy for satisfying each formula by constructing an appropriate CBF. We present a quadratic program to compute the controllers, and show the controllers synthesized using the proposed approach guarantees the system to satisfy the LTL specification, provided the quadratic program is feasible at each time step. A numerical case study is presented to demonstrate the proposed approach.

Published
2020
Full Text
View/download PDF

31. Privacy-Preserving Resilience of Cyber-Physical Systems to Adversaries

Author

Ramasubramanian, Bhaskar, Niu, Luyao, Clark, Andrew, Bushnell, Linda, and Poovendran, Radha

Subjects
Electrical Engineering and Systems Science - Systems and Control, Computer Science - Cryptography and Security, Computer Science - Logic in Computer Science, Mathematics - Optimization and Control
Abstract

A cyber-physical system (CPS) is expected to be resilient to more than one type of adversary. In this paper, we consider a CPS that has to satisfy a linear temporal logic (LTL) objective in the presence of two kinds of adversaries. The first adversary has the ability to tamper with inputs to the CPS to influence satisfaction of the LTL objective. The interaction of the CPS with this adversary is modeled as a stochastic game. We synthesize a controller for the CPS to maximize the probability of satisfying the LTL objective under any policy of this adversary. The second adversary is an eavesdropper who can observe labeled trajectories of the CPS generated from the previous step. It could then use this information to launch other kinds of attacks. A labeled trajectory is a sequence of labels, where a label is associated to a state and is linked to the satisfaction of the LTL objective at that state. We use differential privacy to quantify the indistinguishability between states that are related to each other when the eavesdropper sees a labeled trajectory. Two trajectories of equal length will be differentially private if they are differentially private at each state along the respective trajectories. We use a skewed Kantorovich metric to compute distances between probability distributions over states resulting from actions chosen according to policies from related states in order to quantify differential privacy. Moreover, we do this in a manner that does not affect the satisfaction probability of the LTL objective. We validate our approach on a simulation of a UAV that has to satisfy an LTL objective in an adversarial environment., Comment: Accepted to the IEEE Conference on Decision and Control (CDC), 2020

Published
2020

32. Secure Control in Partially Observable Environments to Satisfy LTL Specifications

Author

Ramasubramanian, Bhaskar, Niu, Luyao, Clark, Andrew, Bushnell, Linda, and Poovendran, Radha

Subjects
Electrical Engineering and Systems Science - Systems and Control, Computer Science - Cryptography and Security, Computer Science - Computer Science and Game Theory, Computer Science - Logic in Computer Science
Abstract

This paper studies the synthesis of control policies for an agent that has to satisfy a temporal logic specification in a partially observable environment, in the presence of an adversary. The interaction of the agent (defender) with the adversary is modeled as a partially observable stochastic game. The goal is to generate a defender policy to maximize satisfaction of a given temporal logic specification under any adversary policy. The search for policies is limited to the space of finite state controllers, which leads to a tractable approach to determine policies. We relate the satisfaction of the specification to reaching (a subset of) recurrent states of a Markov chain. We present an algorithm to determine a set of defender and adversary finite state controllers of fixed sizes that will satisfy the temporal logic specification, and prove that it is sound. We then propose a value-iteration algorithm to maximize the probability of satisfying the temporal logic specification under finite state controllers of fixed sizes. Lastly, we extend this setting to the scenario where the size of the finite state controller of the defender can be increased to improve the satisfaction probability. We illustrate our approach with an example., Comment: Provisionally accepted to the IEEE Transactions on Automatic Control. arXiv admin note: text overlap with arXiv:1903.06873

Published
2020

33. Control Synthesis for Cyber-Physical Systems to Satisfy Metric Interval Temporal Logic Objectives under Timing and Actuator Attacks

Author

Niu, Luyao, Ramasubramanian, Bhaskar, Clark, Andrew, Bushnell, Linda, and Poovendran, Radha

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

This paper studies the synthesis of controllers for cyber-physical systems (CPSs) that are required to carry out complex tasks that are time-sensitive, in the presence of an adversary. The task is specified as a formula in metric interval temporal logic (MITL). The adversary is assumed to have the ability to tamper with the control input to the CPS and also manipulate timing information perceived by the CPS. In order to model the interaction between the CPS and the adversary, and also the effect of these two classes of attacks, we define an entity called a durational stochastic game (DSG). DSGs probabilistically capture transitions between states in the environment, and also the time taken for these transitions. With the policy of the defender represented as a finite state controller (FSC), we present a value-iteration based algorithm that computes an FSC that maximizes the probability of satisfying the MITL specification under the two classes of attacks. A numerical case-study on a signalized traffic network is presented to illustrate our results.

Published
2020
Full Text
View/download PDF

34. Linear Temporal Logic Satisfaction in Adversarial Environments using Secure Control Barrier Certificates

Author

Ramasubramanian, Bhaskar, Niu, Luyao, Clark, Andrew, Bushnell, Linda, and Poovendran, Radha

Subjects
Electrical Engineering and Systems Science - Systems and Control, Computer Science - Computer Science and Game Theory, Computer Science - Logic in Computer Science
Abstract

This paper studies the satisfaction of a class of temporal properties for cyber-physical systems (CPSs) over a finite-time horizon in the presence of an adversary, in an environment described by discrete-time dynamics. The temporal logic specification is given in safe-LTL_F, a fragment of linear temporal logic over traces of finite length. The interaction of the CPS with the adversary is modeled as a two-player zero-sum discrete-time dynamic stochastic game with the CPS as defender. We formulate a dynamic programming based approach to determine a stationary defender policy that maximized the probability of satisfaction of a safe-LTL_F formula over a finite time-horizon under any stationary adversary policy. We introduce secure control barrier certificates (S-CBCs), a generalization of barrier certificates and control barrier certificates that accounts for the presence of an adversary, and use S-CBCs to provide a lower bound on the above satisfaction probability. When the dynamics of the evolution of the system state has a specific underlying structure, we present a way to determine an S-CBC as a polynomial in the state variables using sum-of-squares optimization. An illustrative example demonstrates our approach., Comment: Proc. of GameSec2019 (to appear). This version corrects a typo in the simulation, and clarifies some ambiguous material from the Proceedings version

Published
2019

39. Optimal Secure Control with Linear Temporal Logic Constraints

Author

Niu, Luyao and Clark, Andrew

Subjects
Electrical Engineering and Systems Science - Systems and Control
Abstract

Prior work on automatic control synthesis for cyber-physical systems under logical constraints has primarily focused on environmental disturbances or modeling uncertainties, however, the impact of deliberate and malicious attacks has been less studied. In this paper, we consider a discrete-time dynamical system with a linear temporal logic (LTL) constraint in the presence of an adversary, which is modeled as a stochastic game. We assume that the adversary observes the control policy before choosing an attack strategy. We investigate two problems. In the first problem, we synthesize a robust control policy for the stochastic game that maximizes the probability of satisfying the LTL constraint. A value iteration based algorithm is proposed to compute the optimal control policy. In the second problem, we focus on a subclass of LTL constraints, which consist of an arbitrary LTL formula and an invariant constraint. We then investigate the problem of computing a control policy that minimizes the expected number of invariant constraint violations while maximizing the probability of satisfying the arbitrary LTL constraint. We characterize the optimality condition for the desired control policy. A policy iteration based algorithm is proposed to compute the control policy. We illustrate the proposed approaches using two numerical case studies.

Published
2019
Full Text
View/download PDF

40. A Differentially Private Incentive Design for Traffic Offload to Public Transportationx

Author

Niu, Luyao and Clark, Andrew

Subjects
Computer Science - Computers and Society, Computer Science - Cryptography and Security
Abstract

Increasingly large trip demands have strained urban transportation capacity, which consequently leads to traffic congestion and rapid growth of greenhouse gas emissions. In this work, we focus on achieving sustainable transportation by incentivizing passengers to switch from private cars to public transport. We address the following challenges. First, the passengers incur inconvenience costs when changing their transit behaviors due to delay and discomfort, and thus need to be reimbursed. Second, the inconvenience cost, however, is unknown to the government when choosing the incentives. Furthermore, changing transit behaviors raises privacy concerns from passengers. An adversary could infer personal information, (e.g., daily routine, region of interest, and wealth), by observing the decisions made by the government, which are known to the public. We adopt the concept of differential privacy and propose privacy-preserving incentive designs under two settings, denoted as two-way communication and one-way communication. Under two-way communication, passengers submit bids and then the government determines the incentives, whereas in one-way communication the government simply sets a price without acquiring information from the passengers. Under one-way communication, we focus on how the government should design the incentives without revealing passengers' inconvenience costs while still preserving differential privacy. We formulate the problem as a convex program, and propose a differentially private and near-optimal solution algorithm. A numerical case study using Caltrans Performance Measurement System (PeMS) data source is presented as evaluation. The results show that the proposed approaches achieve a win-win situation in which both the government and passengers obtain non-negative utilities.

Published
2019

44. Minimum Violation Control Synthesis on Cyber-Physical Systems under Attacks

Author

Niu, Luyao, Fu, Jie, and Clark, Andrew

Subjects
Electrical Engineering and Systems Science - Systems and Control, Computer Science - Robotics
Abstract

Cyber-physical systems are conducting increasingly complex tasks, which are often modeled using formal languages such as temporal logic. The system's ability to perform the required tasks can be curtailed by malicious adversaries that mount intelligent attacks. At present, however, synthesis in the presence of such attacks has received limited research attention. In particular, the problem of synthesizing a controller when the required specifications cannot be satisfied completely due to adversarial attacks has not been studied. In this paper, we focus on the minimum violation control synthesis problem under linear temporal logic constraints of a stochastic finite state discrete-time system with the presence of an adversary. A minimum violation control strategy is one that satisfies the most important tasks defined by the user while violating the less important ones. We model the interaction between the controller and adversary using a concurrent Stackelberg game and present a nonlinear programming problem to formulate and solve for the optimal control policy. To reduce the computation effort, we develop a heuristic algorithm that solves the problem efficiently and demonstrate our proposed approach using a numerical case study.

Published
2018
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results