Emma J. Reid

Jordan Tschida, Matthew Yohe, Edward Kane et al.

Time series classification (TSC) of biological signals has progressed from handcrafted, modality-specific approaches to deep architectures capable of representing the diverse waveform structures of underlying physiological processes (i.e., morphology). This review introduces a unified morphology--modality framework that connects waveform structure to a methodological design, revealing how spikes, bursts, oscillations, slow drift, and hierarchical rhythms inform model design. By analyzing electroencephalography, electromyography, electrocardiography, photoplethysmography, and ocular modalities (electrooculography, pupillometry, eye-tracking), the review demonstrates how morphology determines preprocessing and modeling strategies. Integrating evidence across these biological signals, the framework reveals that morphology, not model class, most strongly determines performance and interpretability. This provides insight into why deep models succeed when their inductive biases align with underlying waveform dynamics. This review also identifies future work including morphological data augmentation and evaluation metrics to improve generalization. Together, these insights position morphology-aware modeling as a unifying principle for developing generalizable, interpretable, and physiologically meaningful TSC models across biological signals.

Gavin Glenn, Emma J. Reid

The robust stability problem involves designing a controlled system which remains stable in the presence of modeling uncertainty. In this context, results known as small gain theorems are used to quantify the maximum amount of uncertainty for which stability is guaranteed. These notions inform the design of numerous control systems, including critical infrastructure components such as power grids, gas pipelines, and water systems. However, these same concepts can be used by an adversary to design a malicious feedback attack, of minimal size, to drive the closed-loop system to instability. In this paper, we first present a detailed review of the results in robust control which allow for the construction of minimal destabilizers. These minimally sized attacks merely push the system to the stability boundary, which we demonstrate do not necessarily destabilize nonlinear systems even when the linearization is destabilized. Our main result leverages linear perturbation theory to explicitly prove, in the state space context, that internal destabilization is guaranteed for a broad class of nonlinear systems when the gain of these attacks is slightly increased.

Haley Duba-Sullivan, Steven R. Young, Emma J. Reid

Data-driven super-resolution (SR) methods are often integrated into imaging pipelines as preprocessing steps to improve downstream tasks such as classification and detection. However, these SR models introduce a previously unexplored attack surface into imaging pipelines. In this paper, we present AdvSR, a framework demonstrating that adversarial behavior can be embedded directly into SR model weights during training, requiring no access to inputs at inference time. Unlike prior attacks that perturb inputs or rely on backdoor triggers, AdvSR operates entirely at the model level. By jointly optimizing for reconstruction quality and targeted adversarial outcomes, AdvSR produces models that appear benign under standard image quality metrics while inducing downstream misclassification. We evaluate AdvSR on three SR architectures (SRCNN, EDSR, SwinIR) paired with a YOLOv11 classifier and demonstrate that AdvSR models can achieve high attack success rates with minimal quality degradation. These findings highlight a new model-level threat for imaging pipelines, with implications for how practitioners source and validate models in safety-critical applications.