Deploying Adversarially Robust Learning Enabled Components for Cyber Physical Systems

Abstract

Cyber-physical systems (CPS) lie at the intersection of computing and the physical world. Due to the recent progress of AI/ML, computerized supports in sensor data processing have evolved to a smarter era by the deployments of learning-enabled components (LECs). However, recent research have revealed the inherent vulnerabilities of LECs, where limited human interventions could lead to obvious prediction failures and thus unreliable decision making. Current research works have shown that these potential threats may stem from different model deployment locations and phases. On the other hand, tremendous works have also shown the efficiency of more resilient LEC deployment in mitigating this kind of problems from both theoretical and practical aspects. This dissertation aims to to improve the resilience and robustness of LEC deployment in various different cases and settings. We first consider the scenario of smart grid load prediction and develop a dynamic data repair framework to address adversarial vulnerabilities from partial compromise of sensor network data. We further study the adversarial robustness threat in prognostics and health management systems and investigate whether incorporating semantic knowledge into LEC deployments would help overcome this kind of threat. As all LEC deployments eventually have to be placed on certain hardware platforms, then we put attention on the hardware availability of LEC executions in various cloud/edge scenarios. Several guideline principles for efficient LEC deployments on edge hardware platforms ranging from CPU,GPU, FPGA, ASIC and even tiny MCU are revealed and proposed. Finally, we propose a robustness-driven model deployment workflow mitigating the adversarial impacts across these hardware platforms.