Latest Adversarial Robustness Research Papers
The newest Adversarial Robustness papers from across the field — arXiv, NeurIPS, CVPR, Nature, and more — refreshed daily and ranked by relevance. Distill AI tracks Adversarial Robustness so you don’t have to: get the standout work delivered to your inbox every morning, with 2-sentence summaries and the option to chat with any paper.
Recent papers
- scArchon: a scalable benchmarking framework for assessing single-cell perturbation models · Jean Radig, Robin Droit, Daria Doncevic, Albert Li et al. · Genome biology · May 12, 2026
BACKGROUND: The accurate prediction of cellular responses to perturbations, such as drug treatments, remains a pivotal challenge in single-cell transcriptomics. While numerous deep learning tools have been developed for this task, their sys…
- A Multi-Level Integrity Evaluation Framework for Quantum Circuits under Controlled Anomaly Injection · Ejaz Ahmed, Boshuai Ye, Syed Hamza Shah, Muhammad Azeem Akbar et al. · arXiv · Apr 29, 2026
Ensuring the integrity of quantum circuits is a significant challenge in the Noisy Intermediate-Scale Quantum (NISQ) era, where circuits are subject to compilation transformations, hardware constraints, and potential adversarial modificatio…
- Can Cross-Layer Design Bridge Security and Efficiency? A Robust Authentication Framework for Healthcare Information Exchange Systems · Khalid M. Ezzat, Muhammad El-Saba, Mahmoud A. Shawky · arXiv · Apr 29, 2026
As healthcare systems become increasingly interconnected, ensuring secure and continuous device authentication in health information exchange (HIE) networks is critical to safeguarding patient data and clinical operations. In this context, …
- eDySec: A Deep Learning-based Explainable Dynamic Analysis Framework for Detecting Malicious Packages in PyPI Ecosystem · Sk Tanzir Mehedi, Raja Jurdak, Chadni Islam, Abu Bakar Siddique Mahi et al. · arXiv · Apr 29, 2026
The security of open-source software repositories is increasingly threatened by next-gen software supply chain attacks. These attacks include multiphase malware execution, remote access activation, and dynamic payload generation. Traditiona…
- BEAMFS v2: A Linux Filesystem with Electromagnetic Resilience and Reed-Solomon Recovery · Aurelien Desbrieres · Open MIND · Apr 29, 2026
Technical Report — Version 2 BEAMFS v2 is a Linux filesystem providing autonomic recovery from electromagnetic perturbations of persistent storage, including stochastic single-event upsets, multi-bit upsets, and adversarial high-power elect…
- GenDetect: Generalizing Reactive Detection for Resilience Against Imitative DeFi Attack Cascade · Bowen Cai, Weiheng Bai, Youshui Lu, Haoran Xu et al. · arXiv · Apr 28, 2026
As blockchain ecosystems grow, financially motivated attackers increasingly exploit decentralized finance (DeFi) protocols, causing frequent and severe losses. Unlike conventional cyberattacks, DeFi exploits propagate rapidly due to the tra…
- Large Language Models as Explainable Cyberattack Detectors for Energy Industrial Control Systems · Weiyi Kong, Ahmad Mohammad Saber, Amr Youssef, Deepa Kundur · arXiv · Apr 28, 2026
In modern energy systems, industrial control systems (ICS) and power-system SCADA require intrusion detection that is not only accurate but also auditable by operators. The ICS intrusion-detection landscape is currently dominated by establi…
- Threat-Oriented Digital Twinning for Security Evaluation of Autonomous Platforms · Thomas J. Neubert, Laxima Niure Kandel, Berker Peköz · arXiv · Apr 28, 2026
Open, unclassified research on secure autonomy is constrained by limited access to operational platforms, contested communications infrastructure, and representative adversarial test conditions. This paper presents a threat-oriented digital…
- SnapGuard: Lightweight Prompt Injection Detection for Screenshot-Based Web Agents · Mengyao Du, Han Fang, Haokai Ma, Jiahao Chen et al. · arXiv · Apr 28, 2026
Web agents have emerged as an effective paradigm for automating interactions with complex web environments, yet remain vulnerable to prompt injection attacks that embed malicious instructions into webpage content to induce unintended action…
- Medoid Prototype Alignment for Cross-Plant Unknown Attack Detection in Industrial Control Systems · Luyao Wang · arXiv · Apr 28, 2026
Deploying an intrusion detector trained in one industrial plant to another remains difficult because Industrial Control System (ICS) traffic is highly site-dependent, labels are scarce, and unseen attacks often appear after deployment. To a…
- MARD: A Multi-Agent Framework for Robust Android Malware Detection · Xueying Zeng, Youquan Xian, Sihao Liu, Xudong Mou et al. · arXiv · Apr 28, 2026
With the rapid evolution of Android applications, traditional machine learning-based detection models suffer from concept drift. Additionally, they are constrained by shallow features, lacking deep semantic understanding and interpretabilit…
- R-CoT: A Reasoning-Layer Watermark via Redundant Chain-of-Thought in Large Language Models · Ziming Zhang, Li Li, Guorui Feng, Hanzhou Wu et al. · arXiv · Apr 28, 2026
Large language models (LLMs) are widely deployed in multiple scenarios due to reasoning capabilities. In order to prevent the models from being misused, watermarking is generally employed to ensure ownership. However, most existing watermar…
- MGTEVAL: An Interactive Platform for Systematic Evaluation of Machine-Generated Text Detectors · Yuanfan Li, Qi Zhou, Chengzhengxu Li, Zhaohan Zhang et al. · arXiv · Apr 28, 2026
We present MGTEVAL, an extensible platform for systematic evaluation of Machine-Generated Text (MGT) detectors. Despite rapid progress in MGT detection, existing evaluations are often fragmented across datasets, preprocessing, attacks, and …
- Structured Security Auditing and Robustness Enhancement for Untrusted Agent Skills · Lijia Lv, Xuehai Tang, Jie Wen, Jizhong Han et al. · arXiv · Apr 28, 2026
Agent Skills package SKILL.md files, scripts, reference documents, and repository context into reusable capability units, turning pre-load auditing from single-prompt filtering into cross-file security review. Existing guardrails often flag…
- Extended Abstract: Shaperd: Easily Adoptable Real-Time Traffic Shaper for Fully Encrypted Protocols · Sarah Wilson, Stella Tian, Sina Kamali · arXiv · Apr 27, 2026
Fully encrypted protocol-based tools (FEPs) are tools commonly used to circumvent censorship in restrictive regions, valued for their performance and security. However, in recent years, censors have been able to block them using an array of…
- Poisoning Learned Index Structures: Static and Dynamic Adversarial Attacks on ALEX · Allen Jue · arXiv · Apr 27, 2026
Learned index structures achieve high performance by modeling the cumulative distribution function (CDF) of keys, but this reliance on data distributions introduces potential vulnerability to adversarial manipulation. Prior work has explore…
- CAN-QA: A Question-Answering Benchmark for Reasoning over In-Vehicle CAN Traffic · Jing Chen, Abhijay Deevi, Onat Gungor, Tajana Rosing · arXiv · Apr 27, 2026
The Controller Area Network (CAN) is a safety-critical in-vehicle communication protocol that lacks built-in security mechanisms, making intrusion detection essential. Existing approaches predominantly formulate CAN intrusion detection as a…
- Network Impact of Post-Quantum Certificate Chain sizes on Time to First Byte in TLS Deployments · Matthew Chou, Phuong Cao · arXiv · Apr 27, 2026
Post-Quantum Cryptography (PQC) is a rapidly growing deployment challenge as cryptographically relevant quantum computers (CRQC) continue to advance, leaving traditional cryptographic algorithms used in X.509 vulnerable to attack. However, …
- ARCANE: Cross-Campaign Attacker Re-identification via Passive Beacon Telemetry -- A Bayesian Network Framework for Longitudinal Cyber Attribution · Abraham Itzhak Weinberg · arXiv · Apr 27, 2026
Current cyber attribution approaches typically operate on a per-incident basis, leaving open whether aggregating evidence across campaigns improves adversary identification. We investigate whether cross-campaign attribution reduces ambiguit…
- DETOUR: A Practical Backdoor Attack against Object Detection · Dazhuang Liu, Yanqi Qiao, Rui Wang, Kaitai Liang et al. · arXiv · Apr 27, 2026
Object detection (OD) is critical to real-world vision systems, yet existing backdoor attacks on detection transformers (DETRs) for OD tasks rely on patch-wise triggers optimized at fixed locations with minimal perturbations. Such attacks o…
- Cross-Modal Phantom: Coordinated Camera-LiDAR Spoofing Against Multi-Sensor Fusion in Autonomous Vehicles · Shahriar Rahman Khan, Raiful Hasan · arXiv · Apr 23, 2026
Autonomous Vehicles (AVs) increasingly depend on Multi-Sensor Fusion (MSF) to combine complementary modalities such as cameras and LiDAR for robust perception. While this redundancy is intended to safeguard against single-sensor failures, t…
- Black-Box Skill Stealing Attack from Proprietary LLM Agents: An Empirical Study · Zihan Wang, Rui Zhang, Yu Liu, Chi Liu et al. · arXiv · Apr 23, 2026
LLM agents increasingly rely on skills to encapsulate reusable capabilities via progressively disclosed instructions. High-quality skills inject expert knowledge into general-purpose models, improving performance on specialized tasks. This …
- Adversarial Robustness of Near-Field Millimeter-Wave Imaging under Waveform-Domain Attacks · Lhamo Dorje, Jordan Madden, Soamar Homsi, Xiaohua Li · arXiv · Apr 23, 2026
Near-field millimeter-wave (mmWave) imaging is widely deployed in safety-critical applications such as airport passenger screening, yet its own security remains largely unexplored. This paper presents a systematic study of the adversarial r…
- On the Challenges of Holistic Intrusion Detection in ICS · Stefan Lenz, Julia Raab, Benedikt Holzbach, Deniz Köller et al. · arXiv · Apr 23, 2026
Past attacks against industrial control systems (ICS) show that adversaries often target both the ICS network and the physical process to achieve potential catastrophic impact. To secure ICS, intrusion detection systems promise timely uncov…
- A-THENA: Early Intrusion Detection for IoT with Time-Aware Hybrid Encoding and Network-Specific Augmentation · Ioannis Panopoulos, Maria Lamprini A. Bartsioka, Sokratis Nikolaidis, Stylianos I. Venieris et al. · arXiv · Apr 23, 2026
The proliferation of Internet of Things (IoT) devices has significantly expanded attack surfaces, making IoT ecosystems particularly susceptible to sophisticated cyber threats. To address this challenge, this work introduces A-THENA, a ligh…
- MCP Pitfall Lab: Exposing Developer Pitfalls in MCP Tool Server Security under Multi-Vector Attacks · Run Hao, Zhuoran Tan · arXiv · Apr 23, 2026
Model Context Protocol (MCP) is increasingly adopted for tool-integrated LLM agents, but its multi-layer design and third-party server ecosystem expand risks across tool metadata, untrusted outputs, cross-tool flows, multimodal inputs, and …
- A Stackelberg Model for Hybridization in Cryptography · Willie Kouam, Stefan Rass, Zahra Seyedi, Shahzad Ahmad et al. · arXiv · Apr 23, 2026
Similar to a strategic interaction between rational and intelligent agents, cryptography problems can be examined through the prism of game theory. In this setting, the agent aiming to protect a message is called the defender, while the one…
- CSC: Turning the Adversary's Poison against Itself · Yuchen Shi, Xin Guo, Huajie Chen, Tianqing Zhu et al. · arXiv · Apr 23, 2026
Poisoning-based backdoor attacks pose significant threats to deep neural networks by embedding triggers in training data, causing models to misclassify triggered inputs as adversary-specified labels while maintaining performance on clean da…
- Adversarial Evasion in Non-Stationary Malware Detection: Minimizing Drift Signals through Similarity-Constrained Perturbations · Pawan Acharya, Lan Zhang · arXiv · Apr 23, 2026
Deep learning has emerged as a powerful approach for malware detection, demonstrating impressive accuracy across various data representations. However, these models face critical limitations in real-world, non-stationary environments where …
- Physically Unclonable Functions for Secure IoT Authentication and Hardware-Anchored AI Model Integrity · Maryam Taghi Zadeh, Mohsen Ahmadi · arXiv · Apr 23, 2026
The rapid integration of artificial intelligence (AI) into Internet of Things (IoT) and edge computing systems has intensified the need for robust, hardware-rooted trust mechanisms capable of ensuring device authenticity and AI model integr…
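Of the entries above, the learned-index paper ("Poisoning Learned Index Structures: Static and Dynamic Adversarial Attacks on ALEX") is the one whose abstract states a concrete mechanism: a learned index replaces tree search with a model of the key CDF, so lookups are only as good as the model's error bound, and that bound depends on the key distribution an attacker can influence through inserts. The block below is an added illustration of that general point, not code from the paper and not a reproduction of ALEX (which uses many adaptive model nodes and gapped arrays; this toy uses a single linear model over a plain sorted array). The key set and the attacker's clustered inserts are constructed for the example. It shows the two failure modes a practitioner should test for: a stale model and error bound after inserts silently miss keys that are present, and retraining restores correctness only by inflating the search window every lookup must scan.

```python
"""Toy learned index: position ~= a*key + b, then local search within max_error.

Added illustration, not the paper's or ALEX's code. Key sets below are constructed.
"""
import bisect


def fit_linear_cdf(keys):
    """Least-squares fit of position ~= a*key + b over a sorted key array."""
    n = len(keys)
    mean_x = sum(keys) / n
    mean_y = (n - 1) / 2
    var = sum((x - mean_x) ** 2 for x in keys)
    cov = sum((x - mean_x) * (i - mean_y) for i, x in enumerate(keys))
    a = cov / var if var else 0.0
    return a, mean_y - a * mean_x


def predict(model, n, key):
    """Model's predicted array position, clamped into [0, n-1]."""
    a, b = model
    return min(max(round(a * key + b), 0), n - 1)


def max_error(keys, model):
    """Largest |predicted - actual| over all keys; the search radius lookups rely on."""
    n = len(keys)
    return max(abs(predict(model, n, k) - i) for i, k in enumerate(keys))


def lookup(keys, model, err, key):
    """Model-guided search. Returns (found, window_size_scanned)."""
    n = len(keys)
    pred = predict(model, n, key)
    lo, hi = max(0, pred - err), min(n, pred + err + 1)
    idx = bisect.bisect_left(keys, key, lo, hi)
    return (idx < hi and keys[idx] == key), hi - lo


def build(keys):
    """Sort, fit the model, and record its max error (the index's 'training')."""
    keys = sorted(keys)
    model = fit_linear_cdf(keys)
    return keys, model, max_error(keys, model)


def misses(keys, model, err):
    """How many keys actually in the array a lookup fails to find."""
    return sum(1 for k in keys if not lookup(keys, model, err, k)[0])


# Constructed data: 1000 evenly spaced keys, then 900 attacker keys packed into one range.
CLEAN_KEYS = [10 * i for i in range(1000)]
POISON_KEYS = [k for k in range(5001, 6000) if k % 10 != 0]


def demo():
    """Compare clean vs. poisoned behaviour; returns a dict of the measurements."""
    clean_keys, clean_model, clean_err = build(CLEAN_KEYS)

    # Attacker inserts without the index retraining: model and error bound go stale.
    stale_keys = sorted(CLEAN_KEYS + POISON_KEYS)
    stale_misses = misses(stale_keys, clean_model, clean_err)

    # Index retrains: lookups are correct again, but the error bound has exploded.
    poisoned_keys, poisoned_model, poisoned_err = build(stale_keys)
    retrained_misses = misses(poisoned_keys, poisoned_model, poisoned_err)

    return {
        "clean_err": clean_err,
        "clean_window": lookup(clean_keys, clean_model, clean_err, 0)[1],
        "stale_misses": stale_misses,
        "poisoned_err": poisoned_err,
        "poisoned_window": lookup(poisoned_keys, poisoned_model, poisoned_err, 0)[1],
        "retrained_misses": retrained_misses,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The clean key set is exactly linear, so the fitted model has zero error and every lookup scans a single slot. The attacker's 900 keys crammed into 5001..5999 put a steep step in the CDF that no single line can follow, so either the stale index returns false negatives for keys it holds, or the retrained index pays for correctness with a search window of hundreds of slots on every lookup. A real index such as ALEX splits nodes to absorb this, but the same trade-off (retrain cost, node splits, or widened windows) is what an insert-driven poisoning attack aims to provoke, and monitoring the per-node error bound after inserts is the cheap check that exposes it.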