English

Adversarial Destabilization Attacks to Direct Data-Driven Control

Systems and Control 2026-04-09 v2 Systems and Control

Abstract

This study explores the vulnerability of direct data driven control, particularly in the linear quadratic regulator (LQR) problem, to adversarial perturbations in offline collected data. We focus on stealthy attacks that subtly alter training data to destabilize the closed-loop system while evading detection. To craft such attacks, we propose Directed Gradient Sign Method (DGSM) and its iterative variant (I-DGSM), which adapt techniques from adversarial machine learning to align perturbations with the gradient of the closed-loop spectral radius. A key technical contribution is an efficient and exact gradient computation method using implicit differentiation through the Karush-Kuhn-Tucker conditions of the underlying semidefinite program. For defense, we introduce two strategies: (i) regularization to reduce controller sensitivity, and (ii) robust data-driven control that ensures stability under bounded perturbations. Experiments across benchmark systems reveal that even imperceptibly small perturbations, up to ten times smaller than random noise, can lead to instability, while the proposed defenses significantly reduce attack success rates with minimal performance loss. We also assess transferability under partial knowledge, demonstrating the importance of protecting training data. This work highlights critical security risks in data driven control and proposes practical methods for both attack and defense.

Keywords

Cite

@article{arxiv.2507.14863,
  title  = {Adversarial Destabilization Attacks to Direct Data-Driven Control},
  author = {Hampei Sasahara},
  journal= {arXiv preprint arXiv:2507.14863},
  year   = {2026}
}

Comments

17 pages, Accepted Manuscript in Automatica

R2 v1 2026-07-01T04:09:46.283Z