Building Robust Deep Learning Models for Securing the Multi-domain Interactions of Autonomous Cyber-Physical Systems
Abstract
Building secure cyber-physical systems (CPS) using robust AI/ML techniques for various defense applications is of paramount interest. The diverse set of malware and adversaries present in cyber environments inject malicious data to perturb the input data streams, or fabricate the pretrained ML models by changing the model parameters in transit over the communication channel. Such efforts compromise the computational methods in place and prevent them from preserving integrity and enforcing the security policies and properties inherent to autonomous cyber-physical systems. Adversarial attacks can occur at different stages of an autonomous CPS model, including the sensing, communication, computation, prediction, and inference pipeline, depending on the adversaries' specific purposes, goals, and objectives and on the types of threats they want to impose or attacks they want to pursue. In this project, we assume that adversaries add noise to the communication channels in order to produce ML models or malicious datasets that lead to incorrect classifications. Unauthorized interception of a communication channel may also expose critical strategic information to the opposing side. One possible use case in the marine environment is detecting when opposing sea vessels are camouflaged and cross the security perimeter. If such security breaches are not detected in time, they can cause significant damage to valuable physical property. In this project, we plan to build and integrate a deep learning enabled robust cyber-physical system model that can detect and classify those camouflaged objects, whether friend or foe, to help strengthen the secure interactions between valuable multi-domain assets in the Navy's cyber-physical arsenal. Deep learning is one of the most popular choices for equipping cyber-physical systems with these kinds of capabilities.
Nonetheless, in conventional deep learning, a huge amount of data needs to be collected and sent to a central server to train the ML models. This process increases the threat to data security, because raw information can be traced down on the communication channel. Also, if the central server's firewall is breached, all the valuable information may be lost at once. As a solution to this, the federated learning-based approach was introduced recently, eliminating the need to transfer raw data to the server. Instead, the clients, who are the data owners, train the model with their own data and send only the weight updates. The server accumulates the updates from all clients to build the final model. However, a vanilla federated learning setting has some inherent limitations. To build an end-to-end solution that addresses those issues, we propose two novel research ideas. In Aim 1, we propose to build a class distribution-aware compressive federated learning algorithm with an adversarial training setup. In Aim 2, we plan to keep the federated learning architecture but, instead of model compression and adversarial training, integrate a few-shot model with deep metric learning. We plan to implement and validate our proposed model architectures for camouflaged object detection applications. In the following, we articulate the specific research challenges, and our proposed research aims and research tasks under each individual aim for this project.
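The vanilla federated learning flow described above (local training on client-held data, upload of weight updates only, size-weighted aggregation on the server) and the channel-tampering threat from the abstract, as an added NumPy example that is not part of the proposal or its code. The client data, the hidden labelling rule W_TRUE, the three client sizes, the scale-and-flip tampering of one update in transit, and the norm-based flag_outlier_updates() sanity check are all constructed assumptions for illustration; the proposal's actual Aim 1 and Aim 2 algorithms are not shown here.

```python
"""Added example: one federated averaging (FedAvg) round with a tampered update.

Not code from the proposal. A minimal NumPy illustration of vanilla
federated learning (local training, update upload, server aggregation)
and of why an untrusted channel is a problem for it. Client data, the
labelling rule, the tampering function and the outlier check are all
constructed here for the example.
"""
import numpy as np

W_TRUE = np.array([2.0, -1.0])  # assumed hidden rule used to label constructed data


def make_client_data(rng, n):
    """Constructed 2-feature binary data; only the owning client ever sees X, y."""
    X = rng.normal(size=(n, 2))
    y = (X @ W_TRUE > 0).astype(float)
    return X, y


def local_train(w_global, X, y, lr=0.5, epochs=20):
    """Full-batch logistic-regression gradient steps on the client.
    Returns only the weight delta; raw data never leaves this function."""
    w = w_global.copy()
    for _ in range(epochs):
        p = 1.0 / (1.0 + np.exp(-(X @ w)))
        w -= lr * (X.T @ (p - y)) / len(y)
    return w - w_global


def fedavg(w_global, deltas, sizes):
    """Server side: data-size-weighted average of the uploaded deltas."""
    total = float(sum(sizes))
    return w_global + sum((n / total) * d for d, n in zip(deltas, sizes))


def flag_outlier_updates(deltas, factor=3.0):
    """Assumed server-side sanity check (not from the proposal): flag any
    update whose L2 norm exceeds `factor` times the median norm across clients."""
    norms = np.array([np.linalg.norm(d) for d in deltas])
    return [i for i, n in enumerate(norms) if n > factor * np.median(norms)]


def accuracy(w, X, y):
    return float(np.mean((X @ w > 0).astype(float) == y))


def run_round(tamper=False, seed=0):
    """One FL round over three clients. With tamper=True the last client's
    delta is replaced in transit by a scaled, sign-flipped copy, standing in
    for an adversary that rewrites model parameters on the channel."""
    rng = np.random.default_rng(seed)
    sizes = [200, 150, 100]
    clients = [make_client_data(rng, n) for n in sizes]
    X_test, y_test = make_client_data(rng, 1000)  # constructed held-out set

    w_global = np.zeros(2)
    deltas = [local_train(w_global, X, y) for X, y in clients]
    if tamper:
        deltas[-1] = -10.0 * deltas[-1]  # what the server actually receives
    flagged = flag_outlier_updates(deltas)
    w_new = fedavg(w_global, deltas, sizes)
    return {"accuracy": accuracy(w_new, X_test, y_test), "flagged": flagged}


if __name__ == "__main__":
    print("clean   :", run_round(tamper=False))
    print("tampered:", run_round(tamper=True))
```

Plain FedAvg has no notion of trust: a single rewritten update with a large magnitude drives the aggregated model in the wrong direction, which is the "inherent limitation" the abstract alludes to. The norm check only illustrates that the server can see the anomaly; it is not a substitute for channel integrity protection or the robust training the proposal sets out to build.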
Document Details
- Document Type
- DoD Grant Award
- Publication Date
- Jan 12, 2023
- Source ID
- N000142312119
Entities
People
- Nirmalya Roy
Organizations
- Office of Naval Research
- United States Navy
- University of Maryland, Baltimore County