Inter-detector differential fuzz testing for tamper detection in gamma spectrometers

We extend physical differential fuzz testing as an anti-tamper method for radiation detectors [Vavrek et al., Science and Global Security 2025] to comparisons across multiple detector units. The method was previously introduced as a tamper detection method for authenticating a single radiation detector in nuclear safeguards and treaty verification scenarios, and works by randomly sampling detector configuration parameters to produce a sequence of spectra that form a baseline signature of an untampered system. At a later date, after potential tampering, the same random sequence of parameters is used to generate another series of spectra that can be compared against the baseline. Anomalies in the series of comparisons indicate changes in detector behavior, which may be due to tampering. One limitation of this original method is that once the detector has gone downrange' and may have been tampered with, the original baseline is fixed, and a new trusted baseline can never be established if tests at new parameters are required. In this work, we extend our anti-tamper fuzz testing concept to multiple detector units, such that the downrange detector can be compared against a trusted or golden copy’ detector, even despite normal inter-detector manufacturing variations. We show using three NaI detectors that this inter-detector differential fuzz testing can detect a representative attack, even when the tested and golden copy detectors are from different manufacturers and have different performances. Here, detecting tampering requires visualizing the comparison metric vs. the parameter values and not just the sample number; moreover this baseline is non-linear and may require anomaly detection methods more complex than a simple threshold. Overall, this extension to multiple detectors improves prospects for operationalizing the technique in real-world treaty verification and safeguards contexts.

💡 Research Summary

The paper extends the concept of physical differential fuzz testing (PDFT) from a single radiation detector to a multi‑detector configuration, addressing a key operational limitation of the original method. In the original PDFT (Vavrek et al., 2025), a detector is characterized by a sequence of gamma‑ray spectra obtained under randomly sampled configuration parameters (pulse width, fine gain, system time, etc.). This sequence serves as a baseline signature; later measurements using the same random parameter sequence are compared to the baseline, and statistically significant deviations indicate possible tampering. The drawback is that once a detector has been deployed (“gone downrange”) the baseline cannot be updated, and any new fuzzing sequence lacks a trusted reference.

To overcome this, the authors propose an inter‑detector differential fuzz testing scheme in which a “golden copy” detector, kept in a secure laboratory, is fuzz‑tested in parallel with the deployed detector. By using the same random seed, both detectors experience identical parameter settings, allowing direct spectral comparison despite normal manufacturing variations. The study uses three 4 × 4 × 4 inch NaI(Tl) scintillation detectors: two Harshaw units (IDs 010 and 238) and one Bicron unit (ID 269). The detectors differ in historical energy resolution (≈4.4 % vs. 3.8 % at 662 keV) and high‑voltage bias, providing a realistic test of inter‑detector variability.

Experimental Procedure

• A 7 µCi Cs‑137 source is positioned ~30 cm from each detector, partially shielded by lead bricks.
• For each detector, 100 spectra of 30 s dwell time are recorded. The fuzz parameters are sampled uniformly: pulse width 0.75–2.0 µs, fine gain 0.5–1.2, and system time randomly chosen from the interval “now to 7 days ago”. The high voltage is fixed per detector (1000 V for 010, 800 V for 238, 850 V for 269).
• Two data sets are collected per detector: (i) a baseline set with no attack, and (ii) an “attacked” set where a time‑based duplication attack is injected. The attack activates only on Sundays (≈1/7 of the time) and duplicates each detected event with probability 0.5, effectively halving the apparent count rate during the attack window. The attack is hidden by monkey‑patching the NumPy copy function at runtime.

Calibration and Pre‑processing
Each detector is calibrated using an Eu‑154 source. Peaks are automatically detected with a convolution filter, matched to known Eu‑154 energies, and a quadratic energy‑channel relationship is fitted. Because the fuzz parameters (pulse width, fine gain) affect gain and shaping, a single calibration per detector (at fine gain 0.8, pulse width 1.25 µs) is used for all measurements; resulting “apparent energies” may drift slightly with other settings. To enable direct spectral comparison, all calibrated spectra are linearly interpolated to a common 1 keV binning from 0 to 1400 keV, with zero‑padding where necessary. This interpolation introduces bin correlation, which changes the absolute scale of the chosen similarity metric.

Similarity Metric
The authors adopt the modified reduced chi‑square metric introduced in the original PDFT work:

\