CR | AI | HC | NI | Apr 4, 2022

SecureSense: Defending Adversarial Attack for Secure Device-Free Human Activity Recognition

Berkeley
arXiv:2204.01560v2 | 32 citations | h-index: 43
AI Analysis

This paper addresses security risks in wireless sensing applications, such as activity recognition and person identification, by providing a novel defense against adversarial threats, though it is incremental, as it builds on existing adversarial defense concepts in a new domain.

The paper tackles the vulnerability of device-free human activity recognition systems to adversarial attacks, showing that attacks can drastically reduce accuracy, and proposes SecureSense, a defense framework that significantly enhances model robustness against such attacks.

Deep neural networks have empowered accurate device-free human activity recognition, which has wide applications. Deep models can extract robust features from various sensors and generalize well even in challenging situations such as data-insufficient cases. However, these systems could be vulnerable to input perturbations, i.e. adversarial attacks. We empirically demonstrate that both black-box Gaussian attacks and modern adversarial white-box attacks can cause their accuracies to plummet. In this paper, we first point out that such a phenomenon can bring severe safety hazards to device-free sensing systems, and then propose a novel learning framework, SecureSense, to defend against common attacks. SecureSense aims to achieve consistent predictions regardless of whether there exists an attack on its input or not, alleviating the negative effect of distribution perturbation caused by adversarial attacks. Extensive experiments demonstrate that our proposed method can significantly enhance the model robustness of existing deep models, overcoming possible attacks. The results validate that our method works well on wireless human activity recognition and person identification systems. To the best of our knowledge, this is the first work to investigate adversarial attacks and further develop a novel defense framework for wireless human activity recognition in mobile computing research.
