Robustness and Certified Safety in Adversarial Machine Learning for Critical Infrastructure

Authors

  • Nikhil Baman, School of Computing, Clemson University, Clemson, SC, USA.
  • Brant Riley, Department of Electrical Engineering and Computer Science, University of Missouri, Columbia, MO, USA.

Keywords:

adversarial machine learning, critical infrastructure, certified safety, robustness, formal verification, socio-technical systems, governance, resilience engineering

Abstract

The integration of machine learning into critical infrastructure systems, including power grids, water distribution networks, transportation control, and healthcare delivery, has introduced unprecedented operational efficiencies and predictive capabilities. However, this integration has simultaneously exposed these systems to adversarial threats that exploit vulnerabilities in learned models. This paper presents a comprehensive examination of adversarial machine learning in the context of critical infrastructure, with a focus on robustness and certified safety as dual imperatives. We argue that traditional approaches to adversarial defense, which often prioritize empirical robustness through heuristic augmentation, are insufficient for infrastructure contexts where failure carries catastrophic consequences. Instead, we advocate for a systems-level framework that incorporates certified defenses, formal verification, and structural redundancy as foundational components. The paper explores the architectural trade-offs between model complexity and certifiability, the governance challenges of deploying certified models in legacy infrastructure, and the policy implications of adversarial risk in public goods systems. Through cross-domain case analysis and forward-looking synthesis, we demonstrate that certified safety must be understood not merely as a technical property but as a socio-technical contract between system operators, regulators, and the public. We further examine how federated learning paradigms, such as those explored in recent privacy-preserving enterprise systems, inform the distributed governance of adversarial robustness. The paper concludes with a set of design principles and research priorities for building critical infrastructure machine learning systems that are both robust to adversarial manipulation and certifiably safe under formal guarantees.

Published

2026-05-18

How to Cite

Nikhil Baman, & Brant Riley. (2026). Robustness and Certified Safety in Adversarial Machine Learning for Critical Infrastructure. Artificial Intelligence and Machine Learning Systems, 1(1). Retrieved from https://aimls.org/index.php/home/article/view/120