Adversarial attacks are malicious data modifications aiming to deteriorate the outputs of machine learning models and data-driven decision-making processes. The concept of adversarial attacks stems from computer science, and researchers have tested such data modifications in many fields that use data-driven decision-making processes. Still, no works are testing the impact of adversarial attacks on the operation of industrial processes, e.g., in the chemical industry. The transition to electricity supply via renewable electricity sources calls for flexible operation of industrial processes as an enabling technology to adapt modern energy grids and systems. Large-scale industrial electricity consumers can buy electricity at variable electricity prices from the European Power Exchange (EPEX) platform. If the electricity consumption is shifted in time, significant savings can be achieved by shifting to lower electricity prices via a process called demand side management DSM. Deciding on schedules for DSM is difficult, and operators often support their decisions via mathematical optimization and data-driven decision-making. While known approaches for DSM via data-driven methods are established to be successful, the increased automation and use of data-driven tools also opens the door to external interference, e.g., via adversarial attacks. The proposed project aims to conduct a broad investigation of adversarial attacks on flexible process operation and DSM. Here, the typical workflow of DSM poses a particular challenge as the decision-making process involves forecasting critical parameters and solving large-scale numerical optimization problems, i.e., the decision-making process involves multiple steps. Thus, standard adversarial attack methods do not translate to attacks on DSM. Instead, this project will develop new paradigms to infiltrate secure company boundaries and attack the multi-step decision-making process of DSM. Based on the applicant's prior work on adversarial attacks, this project evaluates the composition of industrial processes and how characteristics, e.g., storage or ramping limits, impact the severity of the attack. Furthermore, this project will establish a baseline of analysis methods to quantify the impact of adversarial attacks on DSM and use these new quantifications to design detection methods to identify attacks during the deployment of the data-driven decision-making process.

DFG Programme Research Grants