Adversarial attacks on industrial soft sensors: Multi-target attacks based on diffusion models

IF 6.8 1区计算机科学 0 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information Sciences Pub Date : 2025-09-27 DOI:10.1016/j.ins.2025.122732

Qingchao Jiang , Shihao Fan , Zhiying Zhu , Zhenxuan Hou , Weimin Zhong , Lei Tan , Zhenxing Qian , Xinpeng Zhang

{"title":"Adversarial attacks on industrial soft sensors: Multi-target attacks based on diffusion models","authors":"Qingchao Jiang , Shihao Fan , Zhiying Zhu , Zhenxuan Hou , Weimin Zhong , Lei Tan , Zhenxing Qian , Xinpeng Zhang","doi":"10.1016/j.ins.2025.122732","DOIUrl":null,"url":null,"abstract":"<div><div>Industrial soft sensors serve as critical instruments for real-time monitoring and quality prediction in complex industrial systems, including chemical processing and energy production. While adversarial attacks on these sensors have garnered extensive attention, a critical gap persists: existing methods are fundamentally limited to single-target objectives. They fail to address inherent multi-variable couplings in industrial processes, limiting applicability in real-world scenarios requiring coordinated control of interdependent variables. To bridge this gap, this paper introduces a multi-target adversarial example attack framework based on diffusion models (DMAA) for the first time, which integrates noise scheduling and inverse denoising processes to generate adversarial examples that are more reasonable and invisible. The framework incorporates a multi-target attack optimization module, which facilitates targeted bias control for several key variables after the noise is added. Subsequently, it leverages a multilayer perceptron to effectively predict noise and generate adversarial examples, thereby driving the multi-target prediction outcomes to diverge from the actual ground truth. In case study of the sulfur recovery unit dataset (SRU), compared to existing methods, the proposed method shows significant advantages in attack effectiveness and stealth, providing new insights for the security evaluation and defense mechanism design of industrial soft sensors.</div></div>","PeriodicalId":51063,"journal":{"name":"Information Sciences","volume":"725 ","pages":"Article 122732"},"PeriodicalIF":6.8000,"publicationDate":"2025-09-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Sciences","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0020025525008680","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"0","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Industrial soft sensors serve as critical instruments for real-time monitoring and quality prediction in complex industrial systems, including chemical processing and energy production. While adversarial attacks on these sensors have garnered extensive attention, a critical gap persists: existing methods are fundamentally limited to single-target objectives. They fail to address inherent multi-variable couplings in industrial processes, limiting applicability in real-world scenarios requiring coordinated control of interdependent variables. To bridge this gap, this paper introduces a multi-target adversarial example attack framework based on diffusion models (DMAA) for the first time, which integrates noise scheduling and inverse denoising processes to generate adversarial examples that are more reasonable and invisible. The framework incorporates a multi-target attack optimization module, which facilitates targeted bias control for several key variables after the noise is added. Subsequently, it leverages a multilayer perceptron to effectively predict noise and generate adversarial examples, thereby driving the multi-target prediction outcomes to diverge from the actual ground truth. In case study of the sulfur recovery unit dataset (SRU), compared to existing methods, the proposed method shows significant advantages in attack effectiveness and stealth, providing new insights for the security evaluation and defense mechanism design of industrial soft sensors.

查看原文本刊更多论文

工业软传感器的对抗性攻击：基于扩散模型的多目标攻击

工业软传感器是复杂工业系统中实时监测和质量预测的关键工具，包括化学加工和能源生产。虽然对这些传感器的对抗性攻击已经引起了广泛的关注，但一个关键的差距仍然存在：现有的方法基本上仅限于单一目标。它们无法解决工业过程中固有的多变量耦合，限制了在需要协调控制相互依赖变量的现实场景中的适用性。为了弥补这一缺陷，本文首次引入了一种基于扩散模型（DMAA）的多目标对抗示例攻击框架，该框架将噪声调度和逆去噪过程相结合，生成更加合理和不可见的对抗示例。该框架引入了多目标攻击优化模块，可以在加入噪声后对多个关键变量进行针对性的偏置控制。随后，它利用多层感知器有效地预测噪声并生成对抗样例，从而驱动多目标预测结果偏离实际地面真相。以硫磺回收单元数据集（SRU）为例，与现有方法相比，该方法在攻击有效性和隐身性方面具有显著优势，为工业软传感器的安全评估和防御机制设计提供了新的见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Sciences 工程技术-计算机：信息系统

CiteScore

14.00

自引率

17.30%

发文量

1322

审稿时长

10.4 months

期刊介绍： Informatics and Computer Science Intelligent Systems Applications is an esteemed international journal that focuses on publishing original and creative research findings in the field of information sciences. We also feature a limited number of timely tutorial and surveying contributions. Our journal aims to cater to a diverse audience, including researchers, developers, managers, strategic planners, graduate students, and anyone interested in staying up-to-date with cutting-edge research in information science, knowledge engineering, and intelligent systems. While readers are expected to share a common interest in information science, they come from varying backgrounds such as engineering, mathematics, statistics, physics, computer science, cell biology, molecular biology, management science, cognitive science, neurobiology, behavioral sciences, and biochemistry.