Automated Testing of Physical Security: Red Teaming Through Machine Learning
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
Modern surveillance systems for practical applications with diverse and mobile sensors are large, complex, and expensive. It is known that unexpected behaviors can emerge from such systems, and when these behaviors correspond to weaknesses in a surveillance system, we call them emergent vulnerabilities. Given their cost and importance to security, it is essential to test these systems for such vulnerabilities prior to deployment. To that end, we automate the testing process with multiagent systems and machine learning. However, the conventional—and most intuitive–approach is to focus the machine learning on the subject system, which leads to a high‐dimensional problem that is intractable. Instead, we demonstrate in this paper that learning attacks on the system is tractable and provides a viable testing method. We demonstrate this with a series of studies in simulation and with a small‐scale model system featuring elements typically found in real physical surveillance systems. Our machine learning method finds successful attacks in simulation, which we can duplicate with the physical system. The method is scalable, with the implication that it could be used to test larger, real surveillance installations.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.000 | 0.001 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.001 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.000 | 0.000 |
| Open science | 0.001 | 0.000 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.000 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it