This paper enhances the adversarial robustness of a CNN used for time-series classification in crystal-collimator alignment by developing a differentiable wrapper and employing adversarial fine-tuning, improving robust accuracy by up to 18.6%.
In this paper, we analyze and improve the adversarial robustness of a convolutional neural network (CNN) that assists crystal-collimator alignment at CERN's Large Hadron Collider (LHC) by classifying a beam-loss monitor (BLM) time series during crystal rotation. We formalize a local robustness property for this classifier under an adversarial threat model based on real-world plausibility. Building on established parameterized input-transformation patterns used for transformation- and semantic-perturbation robustness, we instantiate a preprocessing-aware wrapper for our deployed time-series pipeline: we encode time-series normalization, padding constraints, and structured perturbations as a lightweight differentiable wrapper in front of the CNN, so that existing gradient-based robustness frameworks can operate on the deployed pipeline. For formal verification, data-dependent preprocessing such as per-window z-normalization introduces nonlinear operators that require verifier-specific abstractions. We therefore focus on attack-based robustness estimates and pipeline-checked validity by benchmarking robustness with the frameworks Foolbox and ART. Adversarial fine-tuning of the resulting CNN improves robust accuracy by up to 18.6% without degrading clean accuracy. Finally, we extend robustness on time-series data beyond single windows to sequence-level robustness for sliding-window classification, introduce adversarial sequences as counterexamples to a temporal robustness requirement over full scans, and observe attack-induced misclassifications that persist across adjacent windows.
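The preprocessing-aware wrapper the abstract describes, as an added numpy illustration that is not the paper's code: it places per-window z-normalization and the padding mask in front of a toy linear score, exposes the analytic gradient through the normalization so a gradient-based robustness framework can use the deployed pipeline, verifies that gradient against finite differences, and adds a sequence-level metric for label flips that persist across adjacent sliding windows. The window values, mask, perturbation and weights below are constructed, not LHC data, and the linear score stands in for the CNN.

```python
import numpy as np
EPS = 1e-8  # guards z-normalization against a constant window

def znorm(x):
    """Per-window z-normalization (population std, numpy's default)."""
    return (x - x.mean()) / (x.std() + EPS)

def znorm_vjp(x, g):
    """Vector-Jacobian product of znorm at x for upstream gradient g. From
    dz_i/dx_j = (delta_ij - 1/n)/sd - z_i z_j/(n sd):  (J^T g)_j = (g_j - mean(g) - z_j (g.z)/n)/sd."""
    sd = x.std() + EPS
    z = (x - x.mean()) / sd
    return (g - g.mean() - z * np.dot(g, z) / x.size) / sd

def wrapper_forward(x_raw, delta, mask):
    """Differentiable front-end: add the perturbation delta on valid (unpadded) samples
    only, then z-normalize over those samples. Padded positions stay exactly zero."""
    valid = mask.astype(bool)
    out = np.zeros_like(x_raw)
    out[valid] = znorm((x_raw + delta * mask)[valid])
    return out

def wrapper_vjp(x_raw, delta, mask, g):
    """Gradient of the wrapper output w.r.t. delta for upstream gradient g."""
    valid = mask.astype(bool)
    grad = np.zeros_like(delta)
    grad[valid] = znorm_vjp((x_raw + delta * mask)[valid], g[valid])
    return grad

def gradient_check(x_raw, delta, mask, w, h=1e-6):
    """Max abs error between the analytic gradient of the toy score w.z and central differences."""
    score = lambda d: float(np.dot(w, wrapper_forward(x_raw, d, mask)))
    numeric = np.array([(score(delta + h * e) - score(delta - h * e)) / (2 * h)
                        for e in np.eye(delta.size)])
    return float(np.max(np.abs(wrapper_vjp(x_raw, delta, mask, w) - numeric)))

def longest_flip_run(clean_labels, adv_labels):
    """Sequence-level check for a sliding-window scan: longest run of adjacent windows
    whose predicted label changed under the perturbation."""
    best = run = 0
    for c, a in zip(clean_labels, adv_labels):
        run = run + 1 if c != a else 0
        best = max(best, run)
    return best

# Constructed sample (not real LHC data): 6 valid samples padded to length 8.
X_RAW = np.array([0.2, 0.5, 1.7, 2.4, 1.1, 0.3, 0.0, 0.0])
MASK = np.array([1.0, 1.0, 1.0, 1.0, 1.0, 1.0, 0.0, 0.0])
DELTA = np.array([0.05, -0.02, 0.03, 0.0, -0.04, 0.01, 0.9, 0.9])  # padded entries are ignored
W = np.array([0.3, -0.2, 0.5, 0.1, -0.4, 0.2, 0.7, 0.7])  # toy linear classifier weights
```

A real attack-side framework such as Foolbox or ART would call `wrapper_forward` inside the model it attacks and rely on the gradient `wrapper_vjp` supplies; a large `longest_flip_run` on a full scan is the temporal counterexample the abstract refers to.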