ReLUSyn: Synthesizing stealthy attacks for deep neural network-based safety-critical cyber-physical systems: student research abstract

Safety-critical cyber-physical systems have become an important part of our society. The controllers for safety-critical systems have recently been leveraging the research progress in Deep Neural Networks (DNNs) in order to construct data-driven models with high safety and reliability properties. There have been multiple approaches that are being used to enforce properties such as safety and stability on the models obtained after training in order to obtain robust neural networks. We provide a systematic approach in order to synthesize stealthy attacks on safety-critical CPS, given DNNs are being used as the underlying models for capturing the system behavior and taking future decisions. We focus on conducting an input-output range analysis for neural networks. Our technique is based on encoding non-linear DNNs Mixed Integer Linear Programming (MILP) in order to synthesize the data ranges for the attacker which can lead to malicious actions without being detected. This approach can be generalized to synthesize tailored stealthy attacks based on different user behaviors.