Sensor systems are extremely popular today and vulnerable to sensor data attacks. Due to possible devastating consequences, counteracting sensor data attacks is an extremely important topic, which has not seen sufficient study. This paper develops the first methods that accurately identify/eliminate only the problematic attacked sensor data presented to a sequence estimation/regression algorithm under a powerful attack model constructed based on known/observed attacks. The approach does not assume a known form for the statistical model of the sensor data, allowing data-driven and machine learning sequence estimation/regression algorithms to be protected. A simple protection approach for attackers not endowed with knowledge of the details of our protection approach is first developed, followed by additional processing for attacks based on protection system knowledge. In the cases tested for which it was designed, experimental results show that the simple approach achieves performance indistinguishable, to two decimal places, from that for an approach which knows which sensors are attacked. For cases where the attacker has knowledge of the protection approach, experimental results indicate the additional processing can be configured so that the worst-case degradation under the additional processing and a large number of sensors attacked can be made significantly smaller than the worst-case degradation of the simple approach, and close to an approach which knows which sensors are attacked, for the same number of attacked sensors with just a slight degradation under no attacks. Mathematical descriptions of the worst-case attacks are used to demonstrate the additional processing will provide similar advantages for cases for which we do not have numerical results. All the data-driven processing used in our approaches employ only unattacked training data.

翻译：传感器系统在当今极为普及，且易受传感器数据攻击。由于可能造成毁灭性后果，对抗传感器数据攻击是一个极其重要但尚未得到充分研究的课题。本文首次开发了在基于已知/已观测攻击构建的强大攻击模型下，能够准确识别/剔除仅呈现给序列估计/回归算法的受攻击问题传感器数据的方法。该方法不假设传感器数据统计模型具有已知形式，从而使得数据驱动和机器学习序列估计/回归算法能够得到保护。首先针对不具备我方保护方法细节知识的攻击者开发了一种简单保护方法，随后针对基于保护系统知识的攻击增加了额外处理。在为其设计的测试案例中，实验结果表明，简单方法的性能（精确到小数点后两位）与已知受攻击传感器的处理方法无异。对于攻击者知晓保护方法的情况，实验结果表明，可通过配置额外处理使得在额外处理及大量传感器受攻击下的最坏性能退化显著小于简单方法的最坏退化，并且在相同受攻击传感器数量下，其性能接近已知受攻击传感器的处理方法，仅在无攻击时存在轻微性能下降。利用最坏情况攻击的数学描述，我们论证了额外处理将在未获得数值结果的案例中提供类似优势。本方法中使用的所有数据驱动处理仅采用未受攻击的训练数据。