Research – Alvaro A. Cardenas

Research Areas

My research spans the security of cyber-physical systems, robotic and embodied AI systems, critical infrastructures, and the interplay between machine learning and security. Below are three major thrusts with representative publications..

Security of Robotic Vehicles and Embodied AI

We study attacks and defenses for autonomous vehicles and robotic systems, including drones and ground robots. Our work focuses on prompt- and perception-based attacks against embodied AI, physics-aware attack detection, and real-time recovery architectures that bring “common-sense” reasoning into safety-critical control loops.

CHAI: Command Hijacking against Embodied AI 4th IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2026.
D4+: Emergent Adversarial Driving Maneuvers with Approximate Functional Optimization Book Chapter. DDDAS Handbook 2026. Springer
Probing Vulnerabilities of Vision-LiDAR Based Autonomous Driving Systems CVPR Workshops. 2025.
Fast Attack Recovery for Stochastic Cyber-Physical Systems IEEE Real-Time and Embedded Technology and Applications Symposium (RTAS), 2024.

Shared Reality: Detecting Stealthy Attacks Against Autonomous Vehicles ACM CPS & IoT Security Workshop (@CCS) 2021.

Real-Time Recovery for Cyber-Physical Systems Using Linear Approximations . IEEE Real-Time Systems Symposium (RTSS), 2020.
DARIA: Designing Actuators to Resist Arbitrary Attacks Against Cyber-Physical Systems . IEEE European Symposium on Security and Privacy (EuroS&P), 2020.
SAVIOR: Securing Autonomous Vehicles with Robust Physical Invariants . USENIX Security Symposium (USENIX Security), 2020.
Understanding Security Threats in Consumer Drones Through the Lens of the Discovery Quadcopter Family ACM IoT Security and Privacy Workshop (@CCS) 2017.

Security of the Power Grid and Industrial Control Systems

Critical infrastructures such as the power grid and industrial control systems (ICS/SCADA) are central to modern society and increasingly exposed to cyber threats. We analyze real-world attacks, design resilient control and monitoring architectures, and conduct measurement studies of operational industrial networks and protocols.

A Tale of Two Industroyers: It was the Season of Darkness . IEEE Symposium on Security and Privacy (IEEE S&P), 2024.
SoK: Security of Programmable Logic Controllers . USENIX Security Symposium (USENIX Security), 2024.
SCADA World: An Exploration of the Diversity in Power Grid Networks . Proceedings of the ACM on Measurement and Analysis of Computing Systems (POMACS), 2024.
Provable Adversarial Safety in Cyber-Physical Systems . IEEE European Symposium on Security and Privacy (EuroS&P), 2023.
MaDIoT 2.0: Modern High-Wattage IoT Botnet Attacks and Defenses . USENIX Security Symposium (USENIX Security), 2022.
You Make Me Tremble: A First Look at Attacks Against Structural Control Systems . ACM Conference on Computer and Communications Security (CCS), 2021.
Uncharted Networks: A First Measurement Study of the Bulk Power Grid . ACM Internet Measurement Conference (IMC), 2020.
Not Everything is Dark and Gloomy: Power Grid Protections Against IoT Demand Attacks . USENIX Security Symposium (USENIX Security), 2019.
Limiting the Impact of Stealthy Attacks on Industrial Control Systems . ACM Conference on Computer and Communications Security (CCS), 2016.
Attacks Against Process Control Systems: Risk Assessment, Detection, and Response . ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2011.

AI, Machine Learning, and Security

We explore the interplay between machine learning, privacy, and security: how to evaluate classifiers in adversarial environments, how differential privacy interacts with attack resilience, how to fuse alerts from multiple detectors, and how large language models (LLMs) and AI agents can be used (and misused) in cybersecurity.

Large Language Models are Autonomous Cyber Defenders IEEE Conference on Artificial Intelligence (CAI), 2025.
With a Little Help from My (LLM) Friends: Enhancing Static Analysis with LLMs to Detect Software Vulnerabilities IEEE/ACM International Workshop on Large Language Models for Code (LLM4Code) @ ICSE, 2025.
Adversarial Classification Under Differential Privacy Network and Distributed System Security Symposium (NDSS), 2020.
Principled Reasoning and Practical Applications of Alert Fusion in Intrusion Detection Systems ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2008.
Optimal ROC Curve for a Combination of Classifiers Advances in Neural Information Processing Systems (NeurIPS), 2007.
Evaluation of Classifiers: Practical Considerations for Security Applications AAAI Workshop on Evaluation Methods for Machine Learning, 2006.
B-ROC Curves for the Assessment of Classifiers over Imbalanced Data Sets AAAI Conference on Artificial Intelligence 2006.
A Framework for the Evaluation of Intrusion Detection Systems IEEE Symposium on Security and Privacy (IEEE S&P), 2006.