ML Security Research Areas
Physical Adversarial Attack on Vision Systems
Focuses on real-world adversarial perturbations, including dynamic and shape-sensitive patches, transferable ViT-based attacks, and weather-like camera-lens effects, that mislead vision systems in tasks such as person detection, depth estimation, and autonomous driving.
Paper 1: DAP: A Dynamic Adversarial Patch for Evading Person Detectors
Paper 2: SSAP: A Shape-Sensitive Adversarial Patch for Comprehensive Disruption of Monocular Depth Estimation in Autonomous Navigation Applications


Adversarial Defenses For Vision Systems
Provides robust vision defenses that detect, transform, or block adversarial perturbations, including patch-based attacks, transferable attacks, and attacks on quantized or embedded EdgeAI vision models.
Paper 1: DRIFT: Divergent Response in Filtered Transformations for Robust Adversarial Defense
Paper 2: TriQDef: Disrupting Semantic and Gradient Alignment to Prevent Adversarial Patch Transferability in Quantized Neural Networks


Backdoor Attacks and Threats
Focuses on stealthy trigger-based attacks that compromise ML systems across domains, including object detection in ADAS, GNN-based hardware-security systems, and SNNs vulnerable to externally triggered bit-flip faults.
Paper 1: ShrinkBox: Backdoor Attack on Object Detection to Disrupt Collision Avoidance in Machine Learning-based Advanced Driver Assistance Systems
Paper 2: PoisonedGNN: Backdoor Attack on Graph Neural Networks-based Hardware Security Systems


Capsule-Network Adversarial Robustness
Evaluates and improves the adversarial robustness of capsule networks, including their resilience to affine transformations and adversarial attacks while considering hardware-efficient neural architecture design.
Paper 1: RobCaps: Evaluating the Robustness of Capsule Networks against Affine Transformations and Adversarial Attacks
Paper 2: RoHNAS: A Neural Architecture Search Framework with Conjoint Optimization for Adversarial Robustness and Hardware Efficiency of Convolutional and Capsule Networks


Attacks on SNNs, DVS systems, and Neuromorphic AI
Studies security vulnerabilities in neuromorphic AI, including adversarial attacks on spiking neural networks, Dynamic Vision Sensor event streams, and hardware-level bit-flip threats triggered by external inputs.
Paper 1: Is Spiking Secure? A Comparative Study on the Security Vulnerabilities of Spiking and Deep Neural Networks
Paper 2: DVS-Attacks: Adversarial Attacks on Dynamic Vision Sensors for Spiking Neural Networks


SNN Defenses and SNN Robustness
Improves the adversarial robustness of spiking neural networks by leveraging inherent SNN structural parameters and DVS noise-filtering techniques to reduce vulnerability to adversarial inputs.
Paper 1: Securing Deep Spiking Neural Networks against Adversarial Attacks through Inherent Structural Parameters
Paper 2: R-SNN: An Analysis and Design Methodology for Robustifying Spiking Neural Networks against Adversarial Attacks through Noise Filters for Dynamic Vision Sensors


Attacks and Defenses for ML-Based Hardware Security
Focuses on adversarial and backdoor threats against ML-based hardware-security systems, particularly GNN models used for hardware analysis, including poisoning-based compromise and RL-LLM-guided evasion attacks.
Paper 1: PoisonedGNN: Backdoor Attack on Graph Neural Networks-based Hardware Security Systems
Paper 2: NetDeTox: Adversarial and Efficient Evasion of Hardware-Security GNNs via RL-LLM Orchestration


Medical-Imaging Adversarial Robustness
Addresses the adversarial resilience of medical-imaging classifiers, particularly Vision Transformer-based pipelines and hybrid defense techniques designed to maintain reliable diagnosis under adversarial attacks.
Paper 1: S-E Pipeline: A Vision Transformer (ViT) based Resilient Classification Pipeline for Medical Imaging Against Adversarial Attacks
Paper 2: Hy-Deft: A Hybrid Defense Technique for Vision Transformers against Adversarial Attacks in Medical Imaging


Quantum/Quantum-Federated Adversarial Robustness
Focuses on analyzing and improving the adversarial robustness of quantum and quantum-federated learning models, including quanvolutional neural networks, robust quantum circuit design, and adversarial training in distributed quantum settings.
Paper 1: QFAL: Quantum Federated Adversarial Learning
Paper 2: RobQFL: Robust Quantum Federated Learning in Adversarial Environment


Broad Surveys, Roadmaps, and Threat Overviews
Presents comprehensive surveys and taxonomies of adversarial and backdoor threats, covering physical attacks on camera and LiDAR systems, backdoor attacks in deep learning, and defense methods for vision-based systems.
Paper 1: Physical Adversarial Attacks for Camera-Based Smart Systems: Current Trends, Categorization, Applications, Research Challenges, and Future Outlook
Paper 2: Survey on Backdoor Attacks on Deep Learning: Current Trends, Categorization, Applications, Research Challenges, and Future Prospects


© 2026 eBRAIN
