CPC G06N 3/08 (2013.01) [G06N 20/00 (2019.01)] | 15 Claims
1. An attack system for generating perturbations of input signals to a Target recurrent neural network (RNN) based anomaly detector system configured to receive input sensor signals and produce outputs, the attack system comprising:
one or more processors and a non-transitory computer-readable medium having executable instructions encoded thereon such that when executed, the one or more processors perform operations of:
training a reinforcement learning agent to determine a magnitude of a perturbation with which to attack the Target RNN based anomaly detector system, wherein training the reinforcement learning agent comprises presenting, at each time step, unattacked sensor data comprising a known property to attack to the reinforcement learning agent in temporal order,
wherein the reinforcement learning agent receives time series sensor readings and outputs a set of attack parameters sampled from a probability distribution over a set of perturbation magnitudes;
altering, in real-time, the time series sensor readings with at least one perturbation at the determined magnitude to generate a perturbed input signal, the perturbed input signal being altered so as to prevent the Target RNN based anomaly detector system from correctly predicting a presence of an anomaly;
presenting, in real-time, the perturbed input sensor signal to the Target RNN based anomaly detector system such that the Target RNN based anomaly detector system produces a prediction of a presence of an anomaly in the Target RNN based anomaly detector system; and
using the prediction, identifying a failure of the Target RNN based anomaly detector system based on a failure to correctly predict the presence of the anomaly.