AI Security
Adversarial Robustness, Defense Mechanisms, and Trustworthy AI Systems
Overview
As deep learning models are increasingly deployed in safety-critical applications—from medical diagnostics to autonomous systems and wireless communications—their vulnerability to adversarial attacks has become a pressing concern. Small, carefully crafted perturbations can cause state-of-the-art models to produce catastrophically wrong predictions, undermining trust in AI systems.
My research focuses on understanding, exposing, and defending against these adversarial threats. I investigate both classical attack methods (FGSM, PGD, CW) and novel quantum-inspired attack strategies, while developing defense mechanisms that maintain model performance under adversarial conditions. The goal is to build AI systems that are not only accurate but also robust, reliable, and trustworthy in real-world deployment.
Adversarial Robustness in Wireless Communication
Deep learning-based Automatic Modulation Classification (AMC) has shown impressive accuracy in identifying wireless signal types. However, these classifiers are vulnerable to adversarial perturbations—subtle signal modifications that can cause misclassification while remaining undetectable to conventional monitoring.
In this work, we systematically analyze the adversarial robustness of deep learning-based AMC systems. We evaluate multiple attack strategies under realistic wireless channel conditions and examine how signal-to-noise ratios, modulation types, and model architectures interact to create exploitable vulnerabilities. Our findings reveal that even small perturbations can significantly degrade classification accuracy, highlighting critical security concerns for AI-powered communication systems in military and civilian applications.
Quantum Noise-Based Adversarial Attacks on Diffusion Models
Diffusion models have emerged as a powerful generative framework, but their robustness against adversarial interference remains underexplored. We investigate a novel attack paradigm that leverages quantum noise characteristics to perturb the denoising process of diffusion models.
By injecting carefully structured noise patterns inspired by quantum mechanical processes, we demonstrate that diffusion models can be manipulated to produce degraded or targeted outputs. We further analyze several defense mechanisms against these quantum-inspired attacks and evaluate their effectiveness in preserving generation quality. This work bridges quantum computing concepts with AI security, opening new research directions in adversarial machine learning.
FPGA-Based Real-Time Voice Risk Detection
Voice-based AI systems are increasingly used in authentication and communication, making them attractive targets for adversarial manipulation. We address this challenge by designing and implementing an FPGA-based real-time voice risk detection system capable of identifying potentially harmful or adversarially manipulated audio signals.
The system leverages hardware acceleration to achieve low-latency processing, enabling real-time detection in resource-constrained environments. By combining signal processing techniques with lightweight deep learning inference on FPGA, the system can identify voice spoofing attempts, deepfake audio, and other risk patterns with high accuracy and minimal power consumption. This work demonstrates the potential of hardware-accelerated AI security solutions for edge deployment.
Post-hoc Defense in Federated Learning
Federated learning enables collaborative model training without sharing raw data, but the distributed nature of the paradigm introduces unique security vulnerabilities. Adversarial attacks can target individual clients or the aggregation process, potentially corrupting the global model.
We investigate post-hoc defense strategies that apply knowledge distillation to enhance the robustness of federated models after training. Through empirical studies against FGSM and PGD attacks, we demonstrate that knowledge distillation can effectively transfer robustness properties from adversarially trained teacher models to student models in the federated setting, improving defense without requiring retraining of all participants.
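The FGSM and PGD attacks named in the overview and evaluated in the federated-learning study above, as an added example that is not part of this page or the author's work: a NumPy robustness evaluation of a logistic-regression classifier on a constructed 20-dimensional dataset (the function names, weights and data are assumptions of this example). It shows the core point that a small L_inf perturbation flips predictions, and why: for a linear model the worst-case logit shift is exactly eps times the L1 norm of the weights, so FGSM is already optimal, PGD cannot improve on it, and a classifier that spreads weight over many uninformative dimensions is far more fragile than one that uses only the signal dimensions.

```python
import numpy as np

def logits(w, b, x):
    return x @ w + b

def grad_x_bce(w, b, x, y):
    # d(BCE)/dx for logistic regression is (sigmoid(z) - y) * w, one row per sample
    p = 1.0 / (1.0 + np.exp(-logits(w, b, x)))
    return (p - y)[:, None] * w[None, :]

def fgsm(w, b, x, y, eps):
    # Fast Gradient Sign Method: a single signed-gradient step inside the L_inf ball
    return x + eps * np.sign(grad_x_bce(w, b, x, y))

def pgd(w, b, x, y, eps, alpha, steps):
    # Projected Gradient Descent: iterated signed steps, projected back onto the eps ball
    x_adv = x.copy()
    for _ in range(steps):
        x_adv = x_adv + alpha * np.sign(grad_x_bce(w, b, x_adv, y))
        x_adv = np.clip(x_adv, x - eps, x + eps)
    return x_adv

def accuracy(w, b, x, y):
    return float(np.mean((logits(w, b, x) > 0).astype(int) == y))

def make_data(scales=(0.1, 0.4, 0.8, 1.3, 2.0, 3.5), dim=20, seed=0):
    # Constructed dataset (an assumption of this example, not data from the page): the class
    # signal lives only in dims 0 and 1; dims 2.. carry zero-sum noise that cancels under ones(dim)
    rng = np.random.default_rng(seed)
    rows, labels = [], []
    for y in (0, 1):
        for s in scales:
            noise = rng.normal(size=dim - 2)
            noise -= noise.mean()
            rows.append(np.concatenate([[s * (2 * y - 1)] * 2, noise]))
            labels.append(y)
    return np.array(rows), np.array(labels)

def robustness_report(w, b, x, y, eps, steps=10):
    # For a linear model the worst-case logit shift under an L_inf budget is exactly eps*||w||_1,
    # so FGSM is already optimal and PGD cannot do better; dense weights amplify the damage
    return {
        "clean": accuracy(w, b, x, y),
        "fgsm": accuracy(w, b, fgsm(w, b, x, y, eps), y),
        "pgd": accuracy(w, b, pgd(w, b, x, y, eps, eps / 4, steps), y),
        "worst_case_logit_shift": float(eps * np.abs(w).sum()),
    }

DENSE_W = np.ones(20)                      # weight spread over all 20 dims: ||w||_1 = 20
SPARSE_W = np.r_[1.0, 1.0, np.zeros(18)]   # weight only on the two signal dims: ||w||_1 = 2
```

Running robustness_report(DENSE_W, 0.0, X, Y, eps=0.12) on X, Y = make_data() gives clean accuracy 1.0 but FGSM and PGD accuracy 0.5, while SPARSE_W keeps 5/6 of the samples correct under the same budget.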
Related Publications
- "Adversarial Robustness Analysis of Deep Learning-Based Automatic Modulation Classification in Wireless Communication" — ICAIIC IEEE 2026
- "Design and Implementation of an FPGA-Based Real-Time Voice Risk Detection System" — KCS 2026
- "Quantum Noise-based Adversarial Attack on Diffusion Models and Analysis of Defense Mechanisms" — KIIT-JICS 2026
- "Post-hoc Defense with Knowledge Distillation in Federated Learning: An Empirical Study against FGSM and PGD Attacks" — KICS Conference 2025
- "A Study on Robustness Enhancement and Multi-Adversarial Attacks in Vision Transformer-based Image Classification Models" — KIIT Conference 2025
Reading List
- Explaining and Harnessing Adversarial Examples — Ian J. Goodfellow et al., ICLR 2015
- Towards Deep Learning Models Resistant to Adversarial Attacks (PGD) — Madry et al., ICLR 2018
- Towards Evaluating the Robustness of Neural Networks (C&W Attack) — Carlini & Wagner, IEEE S&P 2017
- Adversarial Examples Are Not Bugs, They Are Features — Ilyas et al., NeurIPS 2019
- A Survey on Adversarial Attacks and Defenses in Deep Learning — Chakraborty et al., 2021