Papers
Topics
Authors
Recent
Search
2000 character limit reached

Real-World System Attacks

Updated 18 April 2026
  • Real-world system attacks are targeted adversarial disruptions that subvert deployed systems by exploiting operational, environmental, and hardware vulnerabilities.
  • They span a range of vectors, including adversarial patches, protocol-compliant resource exhaustion, wireless jamming, sensor spoofing, and smart contract manipulations.
  • Empirical evaluations report high attack success rates—often over 80%—which drive ongoing research into resilient, holistic defense strategies.

A real-world system attack is a targeted, adversarially engineered disruption or subversion of a deployed computational, cyber-physical, or machine learning system, exploiting domain-specific vulnerabilities under operational, non-laboratory conditions. These attacks span digital, physical, analog, and control-domain vectors, impacting diverse applications from biometric access and vehicular safety to industrial automation, smart contracts, and IoT infrastructures. The defining feature is practical feasibility: the attack can be executed against real systems in situ, overcoming environmental variation, hardware constraints, and non-differentiable or black-box components.

1. Taxonomy of Real-World System Attacks

Attack strategies in the real world exploit vulnerabilities across multiple system layers, leveraging both cyber and physical modalities:

  • Adversarial Examples and Patch Attacks: Realizable adversarial artifacts, such as printed patterns for face detectors (Kaziakhmedov et al., 2019), stickers for face recognition models (Pautov et al., 2019), digital-physical adversarial displays for camera evasion (Leonenkova et al., 30 Mar 2026), and engineered visual triggers for RL robots (Huang et al., 20 Jan 2026), induce targeted misclassification or policy deviations under sensor, lens, and environmental transformations.
  • Protocol-Compliant Resource Exhaustion: Compliant but maliciously paced network traffic (e.g., UDP and J2735-BSM floods in C-V2X) cause denial-of-service without violating protocol semantics, degrading safety features such as Forward Collision Warning (Tine et al., 4 Aug 2025).
  • Wireless Man-in-the-Middle and Jamming: Physical-layer exploits harness electromagnetic leakage (e.g., HomePlug Green PHY in EV charging (Szakály et al., 21 Jan 2026)) and jamming frameworks (e.g., eSWORD for scalable wireless disruption (Robinson et al., 2023)), enabling message interception, replay, and injection in safety-critical systems.
  • Sensor and Control-System Attacks: Embedded controllers in industrial or robotics settings are compromised via stealthy sensor perturbations (Hashemi et al., 2017), analog sensor spoofing (Tu et al., 2022), or timed logic abuse (e.g., programmable logic controller backdoors (Anton et al., 2019)) to induce process deviation or mask payloads.
  • Learning System Subversion: Runtime model parameter patching instantiates stealthy DNN backdoors via direct memory manipulation (Costales et al., 2020), often evading post-deployment detection and runtime monitors.
  • Agent Prompt Injection and RAG Attacks: Data-driven prompt manipulations of agentic or retrieval-augmented systems hijack action planning or response logic through indirect insertion channels (web, email, API) (Li et al., 3 Feb 2026, Triantafyllopoulos et al., 4 Aug 2025).
  • Smart Contract Transaction Manipulation: On-chain exploits are engineered to front-run, hijack, or backrun attacker contracts, often circumventing mempool-based detection through private relay use and sophisticated transaction cloning/repair (Shou et al., 2024).

2. Attack Models and Threat Assumptions

A rigorous threat model specifies attacker knowledge, access, and goals:

3. Attack Methodologies and Pipeline

The attack pipeline is grounded in joint optimization and engineering constraints:

4. Empirical Evaluation and Impact Metrics

Evaluation of real-world attacks demands domain- and system-specific quantitative metrics:

5. Limitations, Countermeasures, and Systemic Implications

System-level defenses, practical constraints, and broader implications are a central focus:

6. Representative Attacks and Empirical Summary

The diversity and potency of real-world system attacks is captured in the following comparative summary:

Domain / Target Attack Technique Key Result / Metric Reference
Face Detection (MTCNN) Physical patch, EoT optimization 80–90% face misdetection over video at multiple distances (Kaziakhmedov et al., 2019)
Face Recognition Printed grayscale stickers on face 100% attack success (eyeglasses, forehead) in live trials (Pautov et al., 2019)
RL Robot Navigation Diffusion-patch trigger, advantage-based poisoning 83.5% targeted attack success (real TurtleBot3) (Huang et al., 20 Jan 2026)
EV Charging SDR-based MitM, protocol tampering Remote spoofing, safety override, full protocol control (Szakály et al., 21 Jan 2026)
C-V2X Safety Protocol-compliant UDP/BSM floods PDR drop to 10.2%, suppression of FCW alert (Tine et al., 4 Aug 2025)
Wireless Networks Hardware-in-the-loop jamming 58–60% throughput drop, ∼1 s recovery, >95% metric accuracy (Robinson et al., 2023)
Industrial ICS Logic/sensor injection, Matrix Profile Unsupervised anomaly detection detects both subtle and overt attacks (Anton et al., 2019)
Smart Contracts Exploit cloning, path repair $410M saved over 2023–24, >90% of incidents unsolved by classic frontrunning (Shou et al., 2024)

This landscape underscores that practical, system-level adversarial techniques can reliably circumvent both machine learning model and classical protocol defenses, causing denial, impersonation, or covert control in a range of mission- and safety-critical applications.

7. Research Directions and Open Challenges

Current research highlights several unresolved challenges and opportunities:

  • Dynamic Physical Adversaries: Future work must address attacks that adapt in the field to changing environments, multi-agent or multi-sensor settings, and compound interaction effects.
  • Benchmarks and Standardization: Dynamic and context-rich benchmarks such as AgentDyn (Li et al., 3 Feb 2026) expose underappreciated failure modes in LLM-agent defenses and are needed to enable reproducible, comparative evaluation.
  • Holistic System Analysis: Security research must integrate network, physical, and machine learning perspectives to defend complex, hybrid architectures typical in cyber-physical systems.
  • Automated and Scalable Defense: Machine learning-based detectors, input sanitization, continuous monitoring, and patch deployment must scale to the diversity and velocity of emerging attack strategies.

Real-world system attacks exemplify the necessity of cross-disciplinary, cross-layer analysis for both offensive and defensive security, leveraging rigorous system models, empirical validation, and domain-specific threat intelligence. Citations include (Kaziakhmedov et al., 2019, Pautov et al., 2019, Szakály et al., 21 Jan 2026, Tine et al., 4 Aug 2025, Robinson et al., 2023, Anton et al., 2019, Huang et al., 20 Jan 2026, Costales et al., 2020, Leonenkova et al., 30 Mar 2026, Shou et al., 2024, Tu et al., 2022, Triantafyllopoulos et al., 4 Aug 2025, Li et al., 3 Feb 2026).

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Real-world System Attacks.