Abstract:Deep learning-based soft sensors (DLSSs) have been demonstrated to exhibit significantly improved sensing accuracy; however, their vulnerability to adversarial attacks affects their reliability, thus hindering their widespread application. To improve the reliability of DLSSs, in this article, we conducted a systematic investigation of the adversarial attack and defense of DLSSs. By considering the task requirements of DLSSs and the actual scenarios that attackers may encounter, a framework based on black-box attack and proactive defense was proposed to realize the adversarial attack and defense of soft sensors. The adversarial attack was implemented through the proposed knowledge-guided adversarial attack (KGAA) method. By reconstructing the optimization model and introducing the mechanism knowledge into the objective function, the KGAA method could overcome the ill-posed problem of adversarial attack optimization when attacking a regression model. Moreover, based on the KGAA, a corresponding KGAA adversarial training defense method was proposed to achieve proactive defense. The attack and defense methods were verified in terms of the thermal deformation sensing of an air preheater rotor. Compared to other attacks, the KGAA exhibited higher imperceptibility, rationality, and stability; it can thus be considered a practical attack. The implementation of KGAA adversarial training enhances the adversarial robustness of DLSSs, thus aiding the defense of DLSSs to various attacks and improving their reliability.

When Deep Learning-Based Soft Sensors Encounter Reliability Challenges: A Practical Knowledge-Guided Adversarial Attack and Its Defense