3 Papers

15.0 · CR · Jun 4
Robust Ensemble of Selectively Strengthened and Augmented Predictors

Parsa Memarzadehsaghezi, Zahra Hashemi, Pooria Madani et al.

Evasion attacks present a significant challenge to the robustness of machine learning (ML)-based classifiers, particularly in critical applications such as fraud detection and cybersecurity. Although existing defense mechanisms are effective in some settings, they often suffer from limited generalizability and do not systematically improve model robustness across diverse attack scenarios. To address these limitations, we introduce Robust Ensemble of Selectively Strengthened and Augmented Predictors (RESSAP), a novel framework that transforms a single classifier into an ensemble of robust classifiers. Each classifier in the ensemble is trained on a carefully selected subset of features, where feature selection is guided by a resilience metric that accounts for both feature importance and robustness. During inference, a random subset of these classifiers is used to make predictions, increasing unpredictability and improving resistance to adversarial manipulation. In addition, noise-based data augmentation is applied during training to strengthen decision boundaries and improve generalization. Our experimental results demonstrate that RESSAP significantly improves robustness against adversarial evasion attacks while maintaining strong accuracy on clean data. Overall, this model-agnostic framework provides a scalable and flexible defense strategy for enhancing the security of machine learning systems without requiring major changes to existing architectures.

30.8 · SY · Apr 7
Linear Reformulation of Event-Triggered LQG Control under Unreliable Communication

Zahra Hashemi, Dipankar Maity

We consider event-triggered linear-quadratic Gaussian (LQG) control when sensor updates are transmitted over an i.i.d. packet-erasure channel. Although the optimal controller in a standard LQG setup is available in closed form, choosing when to transmit remains computationally and analytically difficult because packet drops randomize packet delivery and couple scheduling decisions with the estimation-error dynamics, making direct dynamic-programming solutions impractical. By certainty equivalence, the co-design problem becomes choosing a binary send/skip sequence that balances control performance and communication cost. We derive a closed-form expansion of the error covariance as precomputable Gramian terms scaled by a survival factor that depends only on the number of transmission attempts on each interval. This converts the problem into an unconstrained binary program that we linearize exactly via running attempt counters and a one-hot encoding, yielding a compact MILP well suited to receding-horizon implementation. On the linearized Boeing-747 benchmark, a model predictive control (MPC) scheduler lowers cost while attempting far fewer transmissions than a one-shot baseline across channel success rates.

CL · Jan 26
Malicious Repurposing of Open Science Artefacts by Using Large Language Models

Zahra Hashemi, Zhiqiang Zhong, Jun Pang et al.

The rapid evolution of large language models (LLMs) has fuelled enthusiasm about their role in advancing scientific discovery, with studies exploring LLMs that autonomously generate and evaluate novel research ideas. However, little attention has been given to the possibility that such models could be exploited to produce harmful research by repurposing open science artefacts for malicious ends. We fill the gap by introducing an end-to-end pipeline that first bypasses LLM safeguards through persuasion-based jailbreaking, then reinterprets NLP papers to identify and repurpose their artefacts (datasets, methods, and tools) by exploiting their vulnerabilities, and finally assesses the safety of these proposals using our evaluation framework across three dimensions: harmfulness, feasibility of misuse, and soundness of technicality. Overall, our findings demonstrate that LLMs can generate harmful proposals by repurposing ethically designed open artefacts; however, we find that LLMs acting as evaluators strongly disagree with one another on evaluation outcomes: GPT-4.1 assigns higher scores (indicating greater potential harms, higher soundness and feasibility of misuse), Gemini-2.5-pro is markedly stricter, and Grok-3 falls between these extremes. This indicates that LLMs cannot yet serve as reliable judges in a malicious evaluation setup, making human evaluation essential for credible dual-use risk assessment.