Data-Driven Control from Poisoned Data: Fundamental Limitations and Secure DeePC
Abstract: We study a data-driven control problem in the presence of arbitrary data poisoning attacks. We assume that a subset of offline output data is stored in unprotected locations and may be poisoned by an adversary. We first establish fundamental limitations for data-driven control arising from such poisoned data: poisoning attacks are not detected/identified from the dataset alone; unprotected data are non-informative for controller design with worst-case guarantees; and hard constraints on unprotected outputs are not certifiable. Motivated by these limitations and the data-enabled predictive control (DeePC) technique, we propose Secure DeePC, a data-driven control algorithm that is resilient against poisoning attacks. It first runs output-truncated DeePC using only the protected dataset until the online input becomes persistently exciting. It then uses online measurements to reconstruct the partial offline dataset, and finally returns to full-output DeePC. Secure DeePC achieves MPC-equivalent performance in finite time almost surely under certain conditions. Simulation results illustrate the efficacy of the proposed framework against poisoning attacks.
Paper Prompts
Sign up for free to create and run prompts on this paper using GPT-5.
Top Community Prompts
Collections
Sign up for free to add this paper to one or more collections.