EE7700 ML for CPS
Blog Post 07 – Paper: Resilient Machine Learning for Networked Cyber Physical Systems: A Survey for Machine Learning Security to Securing Machine Learning for CPS.
Instructor: Dr. Xugui Zhou
Presentation by Group 7: Paul Yeon, Faiza Dad
Summarized by Group 8: Duc Long Vu, Abdulla Asad
Summary: This paper presents a systematic view of how ML algorithms can be applied to make CPS resilient, and discusses the interaction between ML and CPS in both directions: ML can improve the resilience of CPS, but ML models are themselves vulnerable to attack. Many aspects of achieving resilient CPS with ML, and of making the ML models themselves resilient, are discussed along with promising future research directions.
Slide by Slide Description:
Slide 1-6: Overview of the paper, of machine learning in general, of ML in CPS, and of adversarial ML.
Slide 7: Related work, i.e. recent works on ML security and CPS resilience.
Slide 8: Motivation and purpose of the paper: to provide background and close the gap between the ML and CPS communities, and to raise the concern that while ML helps CPS, ML itself has vulnerabilities.
Slide 9: Structure of the paper: ML overview, applying ML in CPS, ML to improve the resilience of CPS, adversarial ML and CPS, and secure ML.
Slide 10-11: The three categories of ML algorithms: supervised learning, unsupervised learning and reinforcement learning (RL).
Slide 12-13: Supervised learning (SL); its main tasks are classification and regression.
Slide 13: Applications of SL in CPS: ANNs for classification and regression, SVMs for outlier detection and classification, and KNN for data mining and intrusion detection.
Slide 14: The concept of unsupervised learning and its common tasks, such as dimension reduction, density estimation and visualization.
Slide 15: The K-means and PCA algorithms and their use in CPS: clustering with K-means and dimension reduction with PCA.
Slide 16-17: Overview of reinforcement learning; key elements include the agent, policy, reward signal and value function.
Slide 17: Common RL algorithms such as Q-learning and DQN, how they work, and their application in autonomous vehicles.
Slide 18-19: Overview of deep learning and its applications in CPS, such as autonomous vehicles and analyzing sensor data in industrial or medical settings with RNNs and autoencoders.
Section III: ML application in CPS
Slide 20-22: Why CPS matter and how ML can help CPS with tasks such as malware detection and resource allocation.
Slide 23-24: Application examples in vehicular CPS, such as vehicular ad-hoc networks (VANETs), advanced driver assistance systems and VANET communication (V2V and V2I). Also some defense approaches, such as blockchain and ML/DL for anomaly detection.
Slide 25-27: CPS in industrial settings with security applications, medical CPS, and some case studies.
Slide 28-29: Applications of ML in the smart grid and the security challenges of the smart grid, including common attacks such as denial of service (DoS) and false data injection (FDI).
Slide 30: Reinforcement learning applications in CPS quality assurance and power systems: using RL as a falsification tool, deep RL to optimize energy costs, and Q-learning to model adversarial activities in order to predict and defend against attacks.
ML application for resilient CPS
Slide 32: Attack detection in CPS. Attack detection in CPS differs from IT systems because the physical part is involved: the physics constrains what sensor readings can legitimately look like. Examples include using statistical and physical domain knowledge, DL, and analysis of time series data to detect attacks.
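As an added example of the "statistical and physical domain knowledge on time series" idea from slide 32 (this is not code from the paper or the presentation), the following constructed Python demo shows the residual-based pattern used by many CPS attack detectors: predict the next sensor value from a physical model, compare it with the measurement, and run a CUSUM over the residual. A stealthy false-data-injection ramp stays below a per-sample 3-sigma threshold for a long time but is caught early by the accumulating statistic. The tank model, the deterministic noise stand-in, the ramp attack and the thresholds are all assumptions chosen for illustration.

```python
import numpy as np

# Constructed plant: one tank whose level x follows x[t+1] = x[t] + DT*(U - A*x[t]).
# U = A*X0 keeps the level at the set point, so the clean measurement is ~5.0.
DT, A, U, X0 = 1.0, 0.1, 0.5, 5.0
SIGMA = 0.05   # assumed sensor noise scale used to normalise residuals

def sensor_noise(t):
    """Bounded, deterministic stand-in for measurement noise (constructed, |n| <= 0.05)
    so the demo is reproducible without a random seed."""
    return 0.03 * np.sin(0.7 * t) + 0.02 * np.cos(1.9 * t)

def simulate(T, attack_start=None, ramp=0.02):
    """Return T sensor readings; from attack_start on, a false-data-injection
    bias that grows by `ramp` per step is added to the reported value."""
    x, ys = X0, []
    for t in range(T):
        y = x + sensor_noise(t)
        if attack_start is not None and t >= attack_start:
            y += ramp * (t - attack_start)      # stealthy: tiny at first
        ys.append(y)
        x = x + DT * (U - A * x)                # true physics, unaffected
    return np.array(ys)

def residuals(ys):
    """One-step-ahead prediction error: what the physics says y[t] should be,
    given the previous reading y[t-1]. Index i of the result is time i+1."""
    pred = ys[:-1] + DT * (U - A * ys[:-1])
    return ys[1:] - pred

def threshold_alarm(r, k=3.0):
    """Naive per-sample detector: alarm time when |residual| > k*SIGMA, else None."""
    idx = np.flatnonzero(np.abs(r) > k * SIGMA)
    return int(idx[0]) + 1 if idx.size else None

def cusum_alarm(r, k=0.5, h=6.0):
    """Two-sided CUSUM on normalised residuals: accumulates small, persistent
    deviations that a per-sample threshold never sees. Returns alarm time or None."""
    s_hi = s_lo = 0.0
    for i, ri in enumerate(r):
        z = ri / SIGMA
        s_hi = max(0.0, s_hi + z - k)   # drift upwards
        s_lo = max(0.0, s_lo - z - k)   # drift downwards
        if s_hi > h or s_lo > h:
            return i + 1
    return None

if __name__ == "__main__":
    clean = residuals(simulate(260))
    attacked = residuals(simulate(260, attack_start=100))
    print("clean:   threshold", threshold_alarm(clean), " cusum", cusum_alarm(clean))
    print("attacked: threshold", threshold_alarm(attacked), " cusum", cusum_alarm(attacked))
```

The per-sample detector only fires once the injected bias has grown past the noise band, whereas the CUSUM fires within a few dozen samples of the attack start. The residual here is computed from the previous (possibly attacked) reading, which is what makes a slow ramp stealthy; a detector with a trusted state estimate would see the bias directly, but such estimates are exactly what an FDI attacker tries to corrupt.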
Slide 33-34: References on ML applications for attack detection in CPS and how they are applied to build resilient CPS.
Slide 35: CPS require confidentiality, integrity, availability and reliability, especially under dynamic operating conditions.
Slide 36-39: Generative adversarial networks (GANs) in CPS are used not only for attacks but also for defense: on the attack side by generating malicious samples, and on the defense side by detecting adversarial inputs and by adding generated (fake) samples to the training data. Other useful uses of GANs are also given.
V - Adversarial Machine Learning and CPS
Slide 41: Introduction to adversarial ML (AML), which compromises the ML algorithm and consequently its output. Background on the exploration of applying AML to CPS.
Slide 42: Literature review on ML being affected by adversarial inputs, and the shift of interest towards better defenses against attacks on CPS.
Slide 43: Classification of attacks on ML based on the attacker's goal, the attack stage, and the level of information the attacker has.
Slide 44: Attacks by goal of the attacker. There are three goals: confidence reduction, misclassification and targeted misclassification.
Slide 45: Attacks by stage. The slide argues that attacking the training stage is easier than attacking the testing stage, since a modified training set affects everything the model does afterwards.
Slide 46: Attacks by attacker knowledge: white-box, where the structure and architecture of the model are known; gray-box, where the attacker has limited information about the target; and black-box, where the attacker has no internal knowledge and investigates the attack only through the input-output relationship.
Slide 47: General information on methods for crafting adversarial examples against DNNs, mostly by adding a small perturbation to the sample that the naked eye cannot distinguish from the original. Gradient-based perturbations affect CPS such as self-driving cars, where image-based decisions are crucial.
Slide 48: The FGSM method: a simple method that adds to the sample a perturbation equal to the sign of the gradient of the model's loss function with respect to the input, scaled by a small epsilon; this is enough to fool a DL model.
Slide 49: Additional information: FGSM has iterative variants; it is quick and cheap, which makes it easy to use for adversarial training.
Slide 50: The BIM method, an iterative variant of FGSM in which a small-magnitude perturbation step is applied many times, with the total kept inside the perturbation budget; it performs better than basic FGSM.
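To make slides 48-50 concrete, here is an added Python example (not code from the paper or the presentation) of FGSM and BIM against a constructed linear softmax classifier over four normalised sensor readings. The weights, the sample and the epsilon budgets are illustrative assumptions; the mechanics are exactly what you would run against a DNN once a framework gives you the gradient of the loss with respect to the input. One caveat worth noticing: on a linear model the gradient sign never changes, so BIM walks the same straight line as FGSM; its advantage shows up on nonlinear models, where the sign flips along the way and the single FGSM step overshoots or misses.

```python
import numpy as np

# Constructed toy model: a linear softmax classifier, 4 features -> 3 classes.
# Illustrative weights only (not from the paper or any real CPS model).
W = np.array([[ 2.0, -1.0, 0.5, 0.0],
              [-1.0,  2.0, 0.5, 0.0],
              [ 0.0,  0.0, 1.0, 1.0]])
b = np.zeros(3)

def softmax(z):
    e = np.exp(z - z.max())
    return e / e.sum()

def predict(x):
    """Class chosen by the model for input x."""
    return int(np.argmax(W @ x + b))

def loss_gradient(x, y):
    """Gradient of the cross-entropy loss w.r.t. the INPUT x for true label y.
    With logits z = W x + b: dL/dz = softmax(z) - onehot(y), so dL/dx = W^T (p - onehot(y)).
    For a DNN this is what a backward pass taken w.r.t. the input (not the weights) returns."""
    p = softmax(W @ x + b)
    p[y] -= 1.0
    return W.T @ p

def fgsm(x, y, eps):
    """Fast Gradient Sign Method: one step of size eps along sign(dL/dx)."""
    return x + eps * np.sign(loss_gradient(x, y))

def bim(x, y, eps, alpha, steps):
    """Basic Iterative Method: `steps` FGSM steps of size alpha, each projected
    back into the L_inf ball of radius eps around the clean input."""
    x_adv = x.copy()
    for _ in range(steps):
        x_adv = x_adv + alpha * np.sign(loss_gradient(x_adv, y))
        x_adv = np.clip(x_adv, x - eps, x + eps)   # never exceed the budget
    return x_adv

def linf(a, b):
    """L_inf distance: the largest change the attack made to any single feature."""
    return float(np.max(np.abs(a - b)))

# Constructed clean sample (four normalised sensor readings), correctly labelled 0.
X_CLEAN = np.array([1.0, 0.4, 0.5, 0.2])
Y_TRUE = 0

if __name__ == "__main__":
    print("clean label:", predict(X_CLEAN))
    for eps in (0.1, 0.3):
        x_adv = fgsm(X_CLEAN, Y_TRUE, eps)
        print(f"FGSM eps={eps}: label {predict(x_adv)}, L_inf {linf(x_adv, X_CLEAN):.2f}")
    x_adv = bim(X_CLEAN, Y_TRUE, eps=0.3, alpha=0.1, steps=3)
    print(f"BIM  eps=0.3: label {predict(x_adv)}, L_inf {linf(x_adv, X_CLEAN):.2f}")
```

With eps = 0.1 the sample keeps its label; with eps = 0.3 both attacks flip it to class 2 while changing no feature by more than 0.3, which is the "small perturbation, wrong decision" property slide 47 warns about. Because the clip step keeps BIM inside the same L_inf ball, the two attacks are directly comparable for a given budget.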
Slide 51: The JSMA attack, an iterative approach aimed at targeted misclassification that uses the derivative (Jacobian) information of the DNN to decide which input features to perturb.
Slide 52: The C&W attack, based on the L0, L2 and L-infinity norms, which makes the neural network misclassify and is positioned as a test benchmark for defenses.
Slide 53: The DeepFool attack, a geometric approach that finds adversarial examples by minimizing the L2 norm of the perturbation, i.e. by stepping to the nearest decision boundary.
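The geometric idea behind DeepFool (slide 53), as an added Python example that is not from the paper or the slides: for each competing class, linearize the difference between its logit and the current class's logit, compute the L2 distance to that linear boundary, move to the closest one, and overshoot slightly so the label actually changes. On a linear classifier the linearization is exact and the attack converges in a single iteration, which makes the minimal perturbation easy to verify by hand; for a DNN the same loop runs for several iterations, with the Jacobian coming from autograd. The two-feature, three-class weights and the sample below are constructed for illustration.

```python
import numpy as np

# Constructed 2-feature, 3-class linear classifier (illustrative weights).
W = np.array([[ 1.0,  0.0],
              [ 0.0,  1.0],
              [-1.0, -1.0]])
b = np.zeros(3)

def logits(x):
    return W @ x + b

def predict(x):
    return int(np.argmax(logits(x)))

def logit_jacobian(x):
    """d logits / d x, one row per class. For a linear model this is simply W;
    for a DNN it would be one backward pass per class."""
    return W

def closest_boundary(x):
    """DeepFool's inner step: for every class k != current class k0, linearize
    f_k(x) - f_k0(x) and measure the L2 distance |f'| / ||w'|| to that boundary.
    Returns (k, distance, w', f') for the nearest one."""
    f, J, k0 = logits(x), logit_jacobian(x), predict(x)
    best = None
    for k in range(len(f)):
        if k == k0:
            continue
        w_k = J[k] - J[k0]
        f_k = f[k] - f[k0]
        dist = abs(f_k) / (np.linalg.norm(w_k) + 1e-12)
        if best is None or dist < best[1]:
            best = (k, dist, w_k, f_k)
    return best

def deepfool(x, overshoot=0.02, max_iter=50):
    """Iterate: step to the nearest linearized boundary, re-evaluate, stop once
    the label changes. The (1 + overshoot) factor pushes just past the boundary."""
    x0 = np.asarray(x, dtype=float)
    k0 = predict(x0)
    r_tot = np.zeros_like(x0)
    x_adv = x0.copy()
    for it in range(max_iter):
        if predict(x_adv) != k0:
            break
        k, dist, w_k, f_k = closest_boundary(x_adv)
        # Minimal L2 step onto the boundary of class k (1e-4 avoids landing exactly on it).
        r_i = (abs(f_k) + 1e-4) / (np.linalg.norm(w_k) ** 2 + 1e-12) * w_k
        r_tot += r_i
        x_adv = x0 + (1 + overshoot) * r_tot
    return x_adv, it

def l2(a, b):
    return float(np.linalg.norm(np.asarray(a) - np.asarray(b)))

# Constructed sample: logits (2.0, 0.5, -2.5), so class 0 with the class-1 boundary closest.
X0 = np.array([2.0, 0.5])

if __name__ == "__main__":
    k, dist, _, _ = closest_boundary(X0)
    adv, iters = deepfool(X0)
    print(f"clean label {predict(X0)}, nearest boundary: class {k} at L2 distance {dist:.4f}")
    print(f"adversarial label {predict(adv)} after {iters} iteration(s), ||r||_2 = {l2(adv, X0):.4f}")
```

For this sample the class-0/class-1 boundary is the line x0 = x1, at distance 1.5/sqrt(2) from X0; DeepFool moves along (-1, 1), the normal of that boundary, and lands just past it, so the perturbation norm is about 2% larger than the true minimum. Compare this with FGSM, which moves every feature by the full epsilon regardless of geometry.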
Slide 54: ATN (adversarial transformation network): a separate network is trained to produce adversarial examples against a target network.
Slide 55-56: Adversarial attacks in RL, where the agent uses a DNN to approximate the action-value function and an adversary can craft a policy that carries out adversarial attacks.
Slide 57-60: Secure and resilient ML and RL. Some defense strategies against adversarial attacks in DL; these require sacrificing some accuracy, but at an acceptable rate.
Slide 61-63: Research challenges and future directions in ML systems, plus some follow-up work, such as federated learning, and the observation that adversarial training does not adapt to new attacks, so adaptive methods are needed.
Conclusion:
This paper provides a comprehensive review of machine learning and its applications in CPS. Overall, ML can help CPS work better and provide resilience for the CPS. However, the ML algorithms themselves face vulnerabilities, so improving the resilience of the ML used in CPS also requires exploration, and doing so would make the ML aid to CPS more efficient and robust. Some potential directions are also discussed.
Q/A: No Q&A session, as the presentation ran out of time.
Discussion:
Q1. What would you consider the most important parameters to learn about a network when using a GAN against a black-box CPS network?
Q2. Is there any novel NN architecture you would consider adding to a GAN, for attack or defense, as part of the base architecture?
Q3. Can GAN and AML defense architectures stay ahead of the game, i.e. anticipate new attack architectures/methods before they are brought out and used for sabotage?