{"id":"https://openalex.org/W7128091198","doi":"https://doi.org/10.48550/arxiv.2602.06026","title":"GUARDIAN: Safety Filtering for Systems with Perception Models Subject to Adversarial Attacks","display_name":"GUARDIAN: Safety Filtering for Systems with Perception Models Subject to Adversarial Attacks","publication_year":2026,"publication_date":"2026-02-05","ids":{"openalex":"https://openalex.org/W7128091198","doi":"https://doi.org/10.48550/arxiv.2602.06026"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2602.06026","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5125228630","display_name":"Nicholas Rober","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Rober, Nicholas","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125130584","display_name":"Alex Rose","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Rose, Alex","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":null,"display_name":"How, Jonathan P.","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"How, Jonathan P.","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5125228630"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9925000071525574,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.0024999999441206455,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10142","display_name":"Formal Methods in Verification","score":0.0005000000237487257,"subfield":{"id":"https://openalex.org/subfields/1703","display_name":"Computational Theory and Mathematics"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/reachability","display_name":"Reachability","score":0.7432000041007996},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.6844000220298767},{"id":"https://openalex.org/keywords/filter","display_name":"Filter (signal processing)","score":0.520799994468689},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.5034000277519226},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.4805000126361847},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.4740000069141388},{"id":"https://openalex.org/keywords/estimator","display_name":"Estimator","score":0.45399999618530273},{"id":"https://openalex.org/keywords/system-safety","display_name":"System safety","score":0.4357999861240387}],"concepts":[{"id":"https://openalex.org/C136643341","wikidata":"https://www.wikidata.org/wiki/Q1361526","display_name":"Reachability","level":2,"score":0.7432000041007996},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.6844000220298767},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6704999804496765},{"id":"https://openalex.org/C106131492","wikidata":"https://www.wikidata.org/wiki/Q3072260","display_name":"Filter (signal processing)","level":2,"score":0.520799994468689},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.5034000277519226},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.4805000126361847},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.4740000069141388},{"id":"https://openalex.org/C185429906","wikidata":"https://www.wikidata.org/wiki/Q1130160","display_name":"Estimator","level":2,"score":0.45399999618530273},{"id":"https://openalex.org/C132835097","wikidata":"https://www.wikidata.org/wiki/Q7663745","display_name":"System safety","level":2,"score":0.4357999861240387},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4242999851703644},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3840000033378601},{"id":"https://openalex.org/C2780801425","wikidata":"https://www.wikidata.org/wiki/Q5164392","display_name":"Construct (python library)","level":2,"score":0.37950000166893005},{"id":"https://openalex.org/C47446073","wikidata":"https://www.wikidata.org/wiki/Q5165890","display_name":"Control theory (sociology)","level":3,"score":0.3508000075817108},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.33709999918937683},{"id":"https://openalex.org/C26760741","wikidata":"https://www.wikidata.org/wiki/Q160402","display_name":"Perception","level":2,"score":0.3285999894142151},{"id":"https://openalex.org/C2984536560","wikidata":"https://www.wikidata.org/wiki/Q818544","display_name":"State estimator","level":3,"score":0.31049999594688416},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2863999903202057},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.28380000591278076},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.2685999870300293},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2628999948501587},{"id":"https://openalex.org/C111498074","wikidata":"https://www.wikidata.org/wiki/Q173326","display_name":"Formal verification","level":2,"score":0.2615000009536743},{"id":"https://openalex.org/C29265498","wikidata":"https://www.wikidata.org/wiki/Q7047719","display_name":"Noise measurement","level":3,"score":0.2581999897956848},{"id":"https://openalex.org/C36299963","wikidata":"https://www.wikidata.org/wiki/Q1369844","display_name":"Observability","level":2,"score":0.25529998540878296}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2602.06026","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2602.06026","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2602.06026","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2602.06026","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"publisher-specific-oa","license_id":"https://openalex.org/licenses/publisher-specific-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.7166028022766113,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Safety":[0],"filtering":[1,62],"is":[2,22,128],"an":[3,129,140],"effective":[4],"method":[5],"for":[6,25,69],"enforcing":[7],"constraints":[8],"in":[9],"safety-critical":[10],"systems,":[11],"but":[12],"existing":[13],"methods":[14],"typically":[15],"assume":[16],"perfect":[17],"state":[18,33,73,90,121],"information.":[19],"This":[20],"limitation":[21],"especially":[23],"problematic":[24],"systems":[26,70,159],"that":[27,64,111,132,155,163],"rely":[28],"on":[29,87,118,139],"neural":[30,79],"network":[31,80],"(NN)-based":[32],"estimators,":[34],"which":[35],"can":[36],"be":[37],"highly":[38],"sensitive":[39],"to":[40,83,95,106,167],"noise":[41],"and":[42,123,151],"adversarial":[43,161],"input":[44,116,147],"perturbations.":[45],"We":[46],"address":[47],"these":[48],"problems":[49],"by":[50],"introducing":[51],"GUARDIAN:":[52],"Guaranteed":[53],"Uncertainty-Aware":[54],"Reachability":[55],"Defense":[56],"against":[57,160],"Adversarial":[58],"INterference,":[59],"a":[60,101,108,168],"safety":[61,67,109,124,134,171],"framework":[63],"provides":[65],"formal":[66],"guarantees":[68],"with":[71,143],"NN-based":[72],"estimators.":[74],"At":[75],"runtime,":[76],"GUARDIAN":[77,156],"uses":[78,100],"verification":[81],"tools":[82],"provide":[84],"guaranteed":[85],"bounds":[86,122],"the":[88,113,119,136],"system's":[89,137],"estimate":[91],"given":[92],"possible":[93],"perturbations":[94],"its":[96],"observation.":[97],"It":[98],"then":[99],"modified":[102],"Hamilton-Jacobi":[103],"reachability":[104],"formulation":[105],"construct":[107],"filter":[110,131],"adjusts":[112],"nominal":[114],"control":[115],"based":[117],"verified":[120],"constraints.":[125,172],"The":[126],"result":[127],"uncertainty-aware":[130],"ensures":[133],"despite":[135],"reliance":[138],"NN":[141],"estimator":[142],"noisy,":[144],"possibly":[145],"adversarial,":[146],"observations.":[148],"Theoretical":[149],"analysis":[150],"numerical":[152],"experiments":[153],"demonstrate":[154],"effectively":[157],"defends":[158],"attacks":[162],"would":[164],"otherwise":[165],"lead":[166],"violation":[169],"of":[170]},"counts_by_year":[],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2026-02-07T00:00:00"}