[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"doc-detail-82607-en":3,"doc-seo-82607-105":29,"detail-sidebar-cat-0-en-105":90},{"code":4,"msg":5,"data":6},0,"success",{"doc_id":7,"user_id":8,"nickname":9,"user_avatar":10,"doc_module":4,"category_id":11,"category_name":12,"doc_title":13,"doc_description":14,"doc_content":15,"file_id":16,"file_url":17,"file_type":18,"file_size":19,"view_count":4,"is_deleted":4,"is_public":20,"is_downloadable":20,"audit_status":20,"page_count":21,"language":22,"language_code":23,"site_id":24,"html_lang":23,"table_of_contents":25,"faqs":26,"seo_title":13,"seo_description":14,"update_tm":27,"read_time":28},82607,8796095360427,"Lucas Martin","https://ap-avatar.wpscdn.com/davatar_994ba38a5ba835b3df7d355c54d3ed8d",8,"Research & Report","Chameleon Recovering Cyber Physical Systems from Memory Corruption Attacks via ML Surrogates","Cyber-physical systems increasingly face memory corruption vulnerabilities that enable attackers to hijack control flow, creating unacceptable risk for safety-critical tasks when defenses merely terminate, halt, or reboot execution. Chameleon introduces an automatic recovery framework that replaces the compromised compartment with an ML-based surrogate trained at compartment granularity. The surrogate nearly replicates original behavior while removing the original memory corruption vulnerabilities, using LLVM for implementation. Evaluations on seven robotic vehicles show high behavioral approximation (average R2 = 0.96) and successful task completion with low overhead.","Chameleon: Recovering Cyber-Physical Systems from Memory Corruption Attacks  \nvia ML Surrogates  \nMohsen Salehi  \nThe University of British Columbia Vancouver, Canada [msalehi@ece.ubc.ca](msalehi@ece.ubc.ca)  \nKarthik Pattabiraman  \nThe University of British Columbia Vancouver, Canada [karthikp@ece.ubc.ca](karthikp@ece.ubc.ca)  \narXiv :2607 .0 1356v 1 [ cs .CR] 1 Jul 2026  \nAbstract—Cyber-physical systems (CPSs) are increasingly deployed in every aspect of our lives and can be compromised through memory corruption vulnerabilities, allowing attackers to hijack the control flow and take over the system. Existing techniques mostly focus on detecting such attacks but respond by terminating or halting execution upon attack detection, which is not acceptable in CPSs used in safety-critical tasks, as interrupted tasks can have catastrophic consequences. Other techniques replace compromised CPS components with simplified defaults that degrade system behavior, or reboot the system upon attack detection.  \nWe propose Chameleon, a novel framework for automatically recovering CPSs from memory corruption attacks using machine learning (ML)-based surrogates trained at compartment granularity that nearly replicate their original compartments’ behavior but do not have the same memory corruption vulnerabilities. Upon attack detection, Chameleon replaces the compromised compartment with its trained surrogate. We implemented Chameleon using the LLVM compiler and evaluated its efficiency and effectiveness on seven different robotic vehicles (RVs), including simulated and real ones. We found that Chameleon can generate surrogates that closely approximate the original compartments (with an average R2 =0.96), successfully recover the system despite real-world memory corruption attacks unlike prior approaches, and complete their tasks while incurring low performance and memory overhead.  \n1. Introduction  \nCyber-physical systems (CPSs) are deployed across safety-critical infrastructures from medical devices to robotic vehicles (RVs) . Most CPS software, including firmware, is developed using languages such as C and C++, which are prone to memory corruption vulnerabilities (e.g., buffer overflows) . For instance, a study of two widely used open-source RVs’ firmware [1], ArduPilot [2] and PX4 [3], found that more than half of all patched firmware bugs stem from memory corruption. An attacker who exploits such a vulnerability can hijack the control flow, and potentially cause loss of control resulting in catastrophic failure (§2.1) . Existing software defenses such as control flow integrity (CFI) [4], [5] and data flow integrity (DFI) [6] can detect  \nmemory corruption attacks, but they either terminate the process, or halt execution upon error detection. However, this response is insufficient for CPSs, as these systems operate continuously in safety-critical environments. For example, abruptly terminating or halting execution of an RV midoperation can cause it to crash. Thus we need techniques for recovering CPSs after an attack has occurred, i.e., resilience. Different techniques have been proposed for resilience, and they fall into three main categories: (i) physical recovery, (ii) software or hardware redundancy, and (iii) memory corruption attack recovery. All of these techniques face fundamental limitations. (1) Physical attack recovery techniques [7], [8], [9], [10] are only effective against physical attacks such as GPS spoofing and not memory corruption attacks. (2) Software or hardware redundancy techniques [11], [12], [13] are effective against random faults, but are insufficient against memory corruption attacks, since redundant instances have the same underlying vulnerability.  \n(3) Approaches such as rebooting system components [14],[15], [16], or replacing the compromised system part with a simplified instance that returns a default value [17], either have long recovery times or result in unsafe behavior, making them impractical for CPSs ","cbCaikadAmACjoHs","https://ap.wps.com/l/cbCaikadAmACjoHs","pdf",5914764,1,16,"English","en",105,"# Introduction\n## Problem and limitations of existing defenses\n## Resilience approaches for CPS recovery\n## Core insight and inspiration\n## Proposed Chameleon framework\n## Key innovations","[{\"question\":\"Why are detection-only defenses insufficient for memory corruption attacks in CPSs?\",\"answer\":\"Many defenses detect the attack but terminate or halt execution. CPSs operate continuously in safety-critical environments, so interruption can lead to crashes and catastrophic failure.\"},{\"question\":\"How does Chameleon recover a CPS after an attack is detected?\",\"answer\":\"Chameleon replaces the compromised firmware compartment with a trained ML-based surrogate. The surrogate is behaviorally equivalent yet lacks the original memory corruption vulnerabilities.\"},{\"question\":\"What makes Chameleon effective according to the reported evaluation?\",\"answer\":\"Chameleon trains surrogates at compartment granularity, achieving close behavioral approximation with an average R2 of 0.96. It successfully recovers real-world memory corruption attacks on multiple robotic vehicles while keeping performance and memory overhead low.\"}]",1784181769,40,{"code":4,"msg":30,"data":31},"ok",{"site_id":24,"language":23,"slug":32,"title":13,"keywords":33,"description":14,"schema_data":34,"social_meta":85,"head_meta":87,"extra_data":89,"updated_unix":27},"chameleon-recovering-cyber-physical-systems-from-memory-corruption-attacks-via-ml-surrogates","",{"@graph":35,"@context":84},[36,53,67],{"@type":37,"itemListElement":38},"BreadcrumbList",[39,43,47,50],{"item":40,"name":41,"@type":42,"position":20},"https://docshare.wps.com","Home","ListItem",{"item":44,"name":45,"@type":42,"position":46},"https://docshare.wps.com/document/","Document",2,{"item":48,"name":12,"@type":42,"position":49},"https://docshare.wps.com/document/research-report/",3,{"item":51,"name":13,"@type":42,"position":52},"https://docshare.wps.com/document/chameleon-recovering-cyber-physical-systems-from-memory-corruption-attacks-via-ml-surrogates/82607/",4,{"url":51,"name":13,"@type":54,"author":55,"headline":13,"publisher":57,"fileFormat":60,"inLanguage":23,"description":14,"dateModified":61,"datePublished":61,"encodingFormat":60,"isAccessibleForFree":62,"interactionStatistic":63},"DigitalDocument",{"name":9,"@type":56},"Person",{"url":40,"name":58,"@type":59},"DocShare","Organization","application/pdf","2026-07-16",true,{"@type":64,"interactionType":65,"userInteractionCount":4},"InteractionCounter",{"@type":66},"ViewAction",{"@type":68,"mainEntity":69},"FAQPage",[70,76,80],{"name":71,"@type":72,"acceptedAnswer":73},"Why are detection-only defenses insufficient for memory corruption attacks in CPSs?","Question",{"text":74,"@type":75},"Many defenses detect the attack but terminate or halt execution. CPSs operate continuously in safety-critical environments, so interruption can lead to crashes and catastrophic failure.","Answer",{"name":77,"@type":72,"acceptedAnswer":78},"How does Chameleon recover a CPS after an attack is detected?",{"text":79,"@type":75},"Chameleon replaces the compromised firmware compartment with a trained ML-based surrogate. The surrogate is behaviorally equivalent yet lacks the original memory corruption vulnerabilities.",{"name":81,"@type":72,"acceptedAnswer":82},"What makes Chameleon effective according to the reported evaluation?",{"text":83,"@type":75},"Chameleon trains surrogates at compartment granularity, achieving close behavioral approximation with an average R2 of 0.96. It successfully recovers real-world memory corruption attacks on multiple robotic vehicles while keeping performance and memory overhead low.","https://schema.org",{"og:url":51,"og:type":86,"og:title":13,"og:site_name":58,"og:description":14},"article",{"robots":88,"canonical":51},"index,follow",{"doc_id":7,"site_id":24},{"code":4,"msg":5,"data":91},[92,96,100,104,109,114,118,121,126,129,133],{"id":20,"doc_module":4,"doc_module_name":45,"category_name":93,"show_sort_weight":94,"slug":95},"Story & Novel",90,"story-novel",{"id":46,"doc_module":4,"doc_module_name":45,"category_name":97,"show_sort_weight":98,"slug":99},"Literature",80,"literature",{"id":52,"doc_module":4,"doc_module_name":45,"category_name":101,"show_sort_weight":102,"slug":103},"Exam",70,"exam",{"id":105,"doc_module":4,"doc_module_name":45,"category_name":106,"show_sort_weight":107,"slug":108},5,"Comic",60,"comic",{"id":110,"doc_module":4,"doc_module_name":45,"category_name":111,"show_sort_weight":112,"slug":113},6,"Technology",50,"technology",{"id":115,"doc_module":4,"doc_module_name":45,"category_name":116,"show_sort_weight":28,"slug":117},7,"Healthcare","healthcare",{"id":11,"doc_module":4,"doc_module_name":45,"category_name":12,"show_sort_weight":119,"slug":120},30,"research-report",{"id":122,"doc_module":4,"doc_module_name":45,"category_name":123,"show_sort_weight":124,"slug":125},9,"Religion & Spirituality",20,"religion-spirituality",{"id":124,"doc_module":4,"doc_module_name":45,"category_name":127,"show_sort_weight":124,"slug":128},"World Cup","world-cup",{"id":130,"doc_module":4,"doc_module_name":45,"category_name":131,"show_sort_weight":130,"slug":132},10,"Lifestyle","lifestyle",{"id":134,"doc_module":4,"doc_module_name":45,"category_name":135,"show_sort_weight":105,"slug":136},19,"General","general"]