Data-free stealing attack and defense strategy for industrial fault diagnosis system

Abstract

In modern industry, data-driven fault diagnosis models have been widely applied, which greatly ensures the safety of the system. However, these data-driven fault diagnosis models are vulnerable to adversarial attacks, where small perturbations on samples can lead to incorrect prediction results. To ensure the security of fault diagnosis systems, it is necessary to design adversarial attack models and corresponding defense strategies, and apply them to the fault diagnosis system. Considering that the training data and internal structure of the fault diagnosis model are not available to the attacker, this paper designs a data-free model stealing attack strategy. Specifically, the strategy generates training data by designing a data generator and uses knowledge distillation to train an substitute model to the attacked model. Then, the output of the substitute model guides the update of the generator. By iteratively training the generator and the substitute model, a satisfactory substitute model is obtained. Next, a white-box attack method is used to attack the substitute model and generate adversarial samples, achieving black-box attacks on the model to be attacked. To counter this data-free stealing attack, this paper proposes a corresponding adversarial training defense strategy, which utilizes the original model to generate adversarial samples for adversarial training. The effectiveness of the proposed attack strategy and defense method is validated through experiments on the Tennessee Eastman process dataset. This research contributes several insights into securing machine learning within fault diagnosis systems, ensuring robust fault diagnosis in industrial processes.