BZPEERReading, trust and collaboration for research
Menu

Discover

GraphFollow connections around a paper, topic or saved view.

Workspaces

HomePick up where your research flow left off.InboxHandle requests, replies and notifications from one place.CollectionsCurate reading lists, evidence sets and shareable dossiers.ResearchSee your private provenance graph, trail and imports.CollaborationMove from discovery into focused discussion rooms.PublishDraft, preview and publish full-text research articles.

Network

ExpertsFind specialists worth following or asking for help.CommunitiesJoin research circles organized around shared work.PartnersSee external organizations active around the same topics.

Opportunities

ListingsBrowse roles, calls and collaborations with clearer fit signals.

Account

Log inReturn to your reading and collaboration workspace.Create accountStart saving work, following people and joining teams.
Log inCreate account

Researcher profile

Ryan Gerdes

Ryan Gerdes contributes to research discovery and scholarly infrastructure.

ResearcherAffiliation not importedOpen to collaborate
Cryptography and Securityeess.SPeess.SYMachine LearningSystems and ControlComputer Visioncs.CYeess.IVHardware ArchitectureRobotics

Trust snapshot

Quick read

Trust 21 - EmergingVerification L1Unclaimed author
7works
0followers
10topics
4close collaborators

Actions

Decide how to stay connected

Follow researcher0

Identity and collaboration

How to connect with this researcher

Claiming links this public author record to a researcher profile and unlocks direct collaboration workflows.

Log in to claim

Direct collaboration

Open a focused conversation when the fit is right

Claim this author entity first to unlock direct invitations.

Research graph

See the researcher in context

Open full explorer

Inspect adjacent work, topics, institutions and collaborators without jumping out to a separate graph page.

Building this graph slice

BZPEER is loading the nearby papers, people, topics and institutions for this page.

Published work

7 published item(s)

preprint2026arXiv

Systematic Discovery of Semantic Attacks in Online Map Construction through Conditional Diffusion

Autonomous vehicles depend on online HD map construction to perceive lane boundaries, dividers, and pedestrian crossings -- safety-critical road elements that directly govern motion planning. While existing pixel perturbation attacks can disrupt the mapping, they can be neutralized by standard adversarial defenses. We present MIRAGE, a framework for systematic discovery of semantic attacks that bypass adversarial defenses and degrade mapping predictions by finding plausible environmental variation (e.g. shadows, wet roads). MIRAGE exploits the latent manifold of real-world data learned by diffusion models, and searches for semantically mutated scenes neighboring the ground truth with the same road topology yet mislead the mapping predictions. We evaluate MIRAGE on nuScenes and demonstrate two attacks: (1) boundary removal, suppressing 57.7% of detections and corrupting 96% of planned trajectories; and (2) boundary injection, the only method that successfully injects fictitious boundaries, while pixel PGD and AdvPatch fail entirely. Both attacks remain potent under various adversarial defenses. We use two independent VLM judges to quantify realism, where MIRAGE passes as realistic 80--84% of the time (vs. 97--99% for clean nuScenes), while AdvPatch only 0--9%. Our findings expose a categorical gap in current adversarial defenses: semantic-level perturbations that manifest as legitimate environmental variation are substantially harder to mitigate than pixel-level perturbations.

0 citations0 reviewsNo code linkedOpen access
preprint2022arXiv

Contrastive Graph Convolutional Networks for Hardware Trojan Detection in Third Party IP Cores

The availability of wide-ranging third-party intellectual property (3PIP) cores enables integrated circuit (IC) designers to focus on designing high-level features in ASICs/SoCs. The massive proliferation of ICs brings with it an increased number of bad actors seeking to exploit those circuits for various nefarious reasons. This is not surprising as integrated circuits affect every aspect of society. Thus, malicious logic (Hardware Trojans, HT) being surreptitiously injected by untrusted vendors into 3PIP cores used in IC design is an ever present threat. In this paper, we explore methods for identification of trigger-based HT in designs containing synthesizable IP cores without a golden model. Specifically, we develop methods to detect hardware trojans by detecting triggers embedded in ICs purely based on netlists acquired from the vendor. We propose GATE-Net, a deep learning model based on graph-convolutional networks (GCN) trained using supervised contrastive learning, for flagging designs containing randomly-inserted triggers using only the corresponding netlist. Our proposed architecture achieves significant improvements over state-of-the-art learning models yielding an average 46.99% improvement in detection performance for combinatorial triggers and 21.91% improvement for sequential triggers across a variety of circuit types. Through rigorous experimentation, qualitative and quantitative performance evaluations, we demonstrate effectiveness of GATE-Net and the supervised contrastive training of GATE-Net for HT detection.

0 citations0 reviewsNo code linkedOpen access
preprint2021arXiv

Survey of Control-Flow Integrity Techniques for Embedded and Real-Time Embedded Systems

Computing systems, including real-time embedded systems, are becoming increasingly connected to allow for more advanced and safer operation. Such embedded systems are resource-constrained, such as lower processing capabilities, as compared to general purpose computing systems like desktops or servers. However, allowing external interfaces to such embedded systems increases their exposure to attackers. With an increase in attacks against embedded systems ranging from home appliances to industrial control systems operating critical equipment that have hard real-time requirements, it is imperative that defense mechanisms be created that explicitly consider such resource and real-time constraints constraints. Control-flow integrity (CFI) is a family of defense mechanisms that prevent attackers from modifying the flow of execution. We survey CFI techniques, ranging from the basic to state-of-the-art, that are built for embedded systems and real-time embedded systems and find that there is a dearth, especially for real-time embedded systems, of CFI mechanisms. We then present open challenges to the community to help drive research in this domain.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

GhostImage: Remote Perception Attacks against Camera-based Image Classification Systems

In vision-based object classification systems imaging sensors perceive the environment and machine learning is then used to detect and classify objects for decision-making purposes; e.g., to maneuver an automated vehicle around an obstacle or to raise an alarm to indicate the presence of an intruder in surveillance settings. In this work we demonstrate how the perception domain can be remotely and unobtrusively exploited to enable an attacker to create spurious objects or alter an existing object. An automated system relying on a detection/classification framework subject to our attack could be made to undertake actions with catastrophic results due to attacker-induced misperception. We focus on camera-based systems and show that it is possible to remotely project adversarial patterns into camera systems by exploiting two common effects in optical imaging systems, viz., lens flare/ghost effects and auto-exposure control. To improve the robustness of the attack to channel effects, we generate optimal patterns by integrating adversarial machine learning techniques with a trained end-to-end channel model. We experimentally demonstrate our attacks using a low-cost projector, on three different image datasets, in indoor and outdoor environments, and with three different cameras. Experimental results show that, depending on the projector-camera distance, attack success rates can reach as high as 100% and under targeted conditions.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

On the Feasibility of Exploiting Traffic Collision Avoidance System Vulnerabilities

Traffic Collision Avoidance Systems (TCAS) are safety-critical systems required on most commercial aircrafts in service today. However, TCAS was not designed to account for malicious actors. While in the past it may have been infeasible for an attacker to craft radio signals to mimic TCAS signals, attackers today have access to open-source digital signal processing software, like GNU Radio, and inexpensive software defined radios (SDR) that enable the transmission of spurious TCAS messages. In this paper, methods, both qualitative and quantitative, for analyzing TCAS from an adversarial perspective are presented. To demonstrate the feasibility of inducing near mid-air collisions between current day TCAS-equipped aircraft, an experimental Phantom Aircraft generator is developed using GNU Radio and an SDR against a realistic threat model.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

Secure Traffic Lights: Replay Attack Detection for Model-based Smart Traffic Controllers

Rapid urbanization calls for smart traffic management solutions that incorporate sensors, distributed traffic controllers and V2X communication technologies to provide fine-grained traffic control to mitigate congestion. As in many other cyber-physical systems, smart traffic management systems typically lack security measures. This allows numerous opportunities for adversarial entities to craft attacks on the sensor networks, wireless data sharing and/or the distributed traffic controllers. We show that such vulnerabilities can be exploited to disrupt mobility in a large urban area and cause unsafe conditions for drivers and the pedestrians on the roads. Specifically, in this paper, we look into vulnerabilities in model-based traffic controllers and show that, even with state-of-the-art attack detectors in place, false-data injection can be used to hamper mobility. We demonstrate a replay attack by modeling an isolated intersection in VISSIM, a popular traffic simulator and also discuss countermeasures to thwart such attacks.

0 citations0 reviewsNo code linkedOpen access
preprint2020arXiv

Spotr: GPS Spoofing Detection via Device Fingerprinting

As the worlds predominant navigation system GPS is critical to modern life, finding applications in diverse areas like information security, healthcare, marketing, and power and water grid management. Unfortunately this diversification has only served to underscore the insecurity of GPS and the critical need to harden this system against manipulation and exploitation. A wide variety of attacks against GPS have already been documented, both in academia and industry. Several defenses have been proposed to combat these attacks, but they are ultimately insufficient due to scope, expense, complexity, or robustness. With this in mind, we present our own solution: fingerprinting of GPS satellites. We assert that it is possible to create signatures, or fingerprints, of the satellites (more specifically their transmissions) that allow one to determine nearly instantly whether a received GPS transmission is authentic or not. Furthermore, in this paper we demonstrate that this solution detects all known spoofing attacks, that it does so while being fast, cheap, and simpler than previous solutions, and that it is highly robust with respect to environmental factors.

0 citations0 reviewsNo code linkedOpen access