{"id":"https://openalex.org/W7137802117","doi":"https://doi.org/10.48550/arxiv.2603.13970","title":"Shapes are not enough: CONSERVAttack and its use for finding vulnerabilities and uncertainties in machine learning applications","display_name":"Shapes are not enough: CONSERVAttack and its use for finding vulnerabilities and uncertainties in machine learning applications","publication_year":2026,"publication_date":"2026-03-14","ids":{"openalex":"https://openalex.org/W7137802117","doi":"https://doi.org/10.48550/arxiv.2603.13970"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2603.13970","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.13970","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2603.13970","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5129733005","display_name":"Philip Bechtle","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Bechtle, Philip","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129647798","display_name":"Lucie Flek","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Flek, Lucie","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129721746","display_name":"Philipp Alexander Jung","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jung, Philipp Alexander","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129665593","display_name":"Akbar Karimi","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Karimi, Akbar","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5115860972","display_name":"Timo Saala","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Saala, Timo","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129662237","display_name":"Alexander Schmidt","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Schmidt, Alexander","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129641727","display_name":"Matthias Schott","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Schott, Matthias","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079541904","display_name":"Philipp Soldin","orcid":"https://orcid.org/0000-0003-1761-2495"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Soldin, Philipp","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5129712276","display_name":"Christopher Wiebusch","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wiebusch, Christopher","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5093811569","display_name":"Ulrich Willemsen","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Willemsen, Ulrich","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":10,"corresponding_author_ids":["https://openalex.org/A5129733005"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.2476000040769577,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.2476000040769577,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10048","display_name":"Particle physics theoretical and experimental studies","score":0.18940000236034393,"subfield":{"id":"https://openalex.org/subfields/3106","display_name":"Nuclear and High Energy Physics"},"field":{"id":"https://openalex.org/fields/31","display_name":"Physics and Astronomy"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13650","display_name":"Computational Physics and Python Applications","score":0.056699998676776886,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7980999946594238},{"id":"https://openalex.org/keywords/adversarial-system","display_name":"Adversarial system","score":0.7605000138282776},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.633899986743927},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.4521999955177307},{"id":"https://openalex.org/keywords/uncertainty-quantification","display_name":"Uncertainty quantification","score":0.4300999939441681},{"id":"https://openalex.org/keywords/data-space","display_name":"Data space","score":0.4032999873161316},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.3993000090122223},{"id":"https://openalex.org/keywords/adversarial-machine-learning","display_name":"Adversarial machine learning","score":0.35190001130104065}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7980999946594238},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.7649000287055969},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.7605000138282776},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.7050999999046326},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6955999732017517},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.633899986743927},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.4521999955177307},{"id":"https://openalex.org/C32230216","wikidata":"https://www.wikidata.org/wiki/Q7882499","display_name":"Uncertainty quantification","level":2,"score":0.4300999939441681},{"id":"https://openalex.org/C2988382989","wikidata":"https://www.wikidata.org/wiki/Q370685","display_name":"Data space","level":2,"score":0.4032999873161316},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.3993000090122223},{"id":"https://openalex.org/C2778403875","wikidata":"https://www.wikidata.org/wiki/Q20312394","display_name":"Adversarial machine learning","level":3,"score":0.35190001130104065},{"id":"https://openalex.org/C55037315","wikidata":"https://www.wikidata.org/wiki/Q5421151","display_name":"Experimental data","level":2,"score":0.33970001339912415},{"id":"https://openalex.org/C186370098","wikidata":"https://www.wikidata.org/wiki/Q442787","display_name":"Energy (signal processing)","level":2,"score":0.33329999446868896},{"id":"https://openalex.org/C83665646","wikidata":"https://www.wikidata.org/wiki/Q42139305","display_name":"Feature vector","level":2,"score":0.310699999332428},{"id":"https://openalex.org/C59404180","wikidata":"https://www.wikidata.org/wiki/Q17013334","display_name":"Feature learning","level":2,"score":0.2971000075340271},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.28700000047683716},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.28450000286102295},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.2822999954223633},{"id":"https://openalex.org/C115903097","wikidata":"https://www.wikidata.org/wiki/Q7094097","display_name":"Online machine learning","level":3,"score":0.2791999876499176},{"id":"https://openalex.org/C2778827112","wikidata":"https://www.wikidata.org/wiki/Q22245680","display_name":"Feature engineering","level":3,"score":0.2761000096797943},{"id":"https://openalex.org/C149441793","wikidata":"https://www.wikidata.org/wiki/Q200726","display_name":"Probability distribution","level":2,"score":0.275299996137619},{"id":"https://openalex.org/C45942800","wikidata":"https://www.wikidata.org/wiki/Q245652","display_name":"Ensemble learning","level":2,"score":0.263700008392334},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.25270000100135803},{"id":"https://openalex.org/C45804977","wikidata":"https://www.wikidata.org/wiki/Q7239673","display_name":"Predictive modelling","level":2,"score":0.2515000104904175}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2603.13970","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.13970","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2603.13970","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2603.13970","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"In":[0,40,90],"High":[1],"Energy":[2],"Physics,":[3],"as":[4],"in":[5,20,54,105,213],"many":[6],"other":[7,75],"fields":[8],"of":[9,13,24,46,59,80,83,94,132,155],"science,":[10],"the":[11,65,68,74,78,86,111,117,146,152,163,174,186],"application":[12],"machine":[14,87],"learning":[15,29,88,212],"techniques":[16],"has":[17],"been":[18,135],"crucial":[19],"advancing":[21],"our":[22],"understanding":[23],"fundamental":[25],"phenomena.":[26],"Increasingly,":[27],"deep":[28,211],"models":[30],"are":[31,108,171],"applied":[32],"to":[33,119,122,150,193,201],"analyze":[34],"both":[35],"simulated":[36],"and":[37,71,97,103,116,160,197],"experimental":[38],"data.":[39],"most":[41],"experiments,":[42],"a":[43,141],"rigorous":[44],"regime":[45],"testing":[47],"for":[48,62],"physically":[49],"motivated":[50],"systematic":[51],"uncertainties":[52],"is":[53],"place.":[55],"The":[56,167],"numerical":[57],"evaluation":[58],"these":[60],"tests":[61],"differences":[63],"between":[64,101,158],"data":[66,102,161],"on":[67,73,85],"one":[69],"side":[70,76],"simulations":[72],"quantifies":[77],"effect":[79],"potential":[81],"sources":[82,131],"mismodelling":[84],"output.":[89],"addition,":[91],"thorough":[92],"comparisons":[93,121],"marginal":[95],"distributions":[96],"(linear)":[98],"feature":[99],"correlations":[100],"simulation":[104,159],"\"control":[106],"regions\"":[107],"applied.":[109],"However,":[110],"guidance":[112],"by":[113],"physical":[114],"motivation,":[115],"need":[118],"constrain":[120],"specific":[123],"regions,":[124],"does":[125],"not":[126],"guarantee":[127],"that":[128,199],"all":[129],"possible":[130],"deviations":[133,157],"have":[134],"accounted":[136],"for.":[137],"We":[138,189],"therefore":[139],"propose":[140,191],"new":[142],"adversarial":[143,169,202],"attack":[144],"-":[145,148,177,182],"CONSERVAttack":[147],"designed":[149],"exploit":[151],"remaining":[153],"space":[154],"hypothetical":[156],"after":[162],"above":[164],"mentioned":[165],"tests.":[166],"resulting":[168],"perturbations":[170],"consistent":[172],"within":[173],"uncertainty":[175],"bounds":[176],"evading":[178],"standard":[179],"validation":[180],"checks":[181],"while":[183],"successfully":[184],"fooling":[185],"underlying":[187],"model.":[188],"further":[190],"strategies":[192],"mitigate":[194],"such":[195],"vulnerabilities":[196],"argue":[198],"robustness":[200],"effects":[203],"must":[204],"be":[205],"considered":[206],"when":[207],"interpreting":[208],"results":[209],"from":[210],"particle":[214],"physics.":[215]},"counts_by_year":[],"updated_date":"2026-03-18T06:31:55.123368","created_date":"2026-03-18T00:00:00"}