Universal Targeted Adversarial Attacks Against mmWave-based Human Activity Recognition

Human activity recognition (HAR) systems based on millimeter wave (mmWave) technology have evolved in recent years due to their better privacy protection and enhanced sensor resolution. With the ever-growing HAR system deployment, the vulnerability of such systems has been revealed. However, existing efforts in HAR adversarial attacks only focus on untargeted attacks. In this paper, we propose the first targeted adversarial attacks against mmWave-based HAR through designed universal perturbation. A practical iteration algorithm is developed to craft perturbations that generalize well across different activity samples without additional training overhead. Different from existing work that only develops adversarial attacks for a particular mmWave-based HAR model, we improve the practicability of our attacks by broadening our target to the two most common mmWave-based HAR models (i.e., voxel-based and heatmap-based). In addition, we consider a more challenging black-box scenario by addressing the information deficiency issue with knowledge distillation and solving the insufficient activity sample with a generative adversarial network. We evaluate the proposed attacks on two different mmWave-based HAR models designed for fitness tracking. The evaluation results demonstrate the efficacy, efficiency, and practicality of the proposed targeted attacks with an average success rate of over 90%.

[1]  Shiwen Mao,et al.  Adversarial Human Activity Recognition Using Wi-Fi CSI , 2021, 2021 IEEE Canadian Conference on Electrical and Computer Engineering (CCECE).

[2]  Chenglin Miao,et al.  mmMesh: towards 3D real-time dynamic human mesh construction using millimeter-wave , 2021, MobiSys.

[3]  Anfu Zhou,et al.  m-Activity: Accurate and Real-Time Human Activity Recognition Via Millimeter Wave Radar , 2021, ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP).

[4]  M. Rahman,et al.  PALMAR: Towards Adaptive Multi-inhabitant Activity Recognition in Point-Cloud Technology , 2021, IEEE INFOCOM 2021 - IEEE Conference on Computer Communications.

[5]  Chris Harrison,et al.  Vid2Doppler: Synthesizing Doppler Radar Data from Videos for Training Privacy-Preserving Activity Recognition , 2021, CHI.

[6]  Luis A. Leiva,et al.  Pantomime , 2021, Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies.

[7]  Wesley De Neve,et al.  Investigating the significance of adversarial attacks and their relation to interpretability for radar-based human activity recognition systems , 2021, Comput. Vis. Image Underst..

[8]  Wei Wang,et al.  Real-time Arm Gesture Recognition in Smart Home Scenarios via Millimeter Wave Sensing , 2020, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[9]  Lu Su,et al.  Who Is in Control? Practical Physical Layer Attack and Defense for mmWave-Based Sensing in Autonomous Vehicles , 2020, IEEE Transactions on Information Forensics and Security.

[10]  Jian Liu,et al.  AdvPulse: Universal, Synchronization-free, and Targeted Audio Adversarial Attacks via Subsecond Perturbations , 2020, CCS.

[11]  Shiwen Mao,et al.  Threats of Adversarial Attacks in DNN-Based Modulation Recognition , 2020, IEEE INFOCOM 2020 - IEEE Conference on Computer Communications.

[12]  Yang Zhao,et al.  Adversarial Vulnerability in Doppler-based Human Activity Recognition , 2020, 2020 International Joint Conference on Neural Networks (IJCNN).

[13]  Liang Zhang,et al.  Device-Free Human Gesture Recognition With Generative Adversarial Networks , 2020, IEEE Internet of Things Journal.

[14]  Parth H. Pathak,et al.  mmASL: Environment-Independent ASL Gesture Recognition Using 60 GHz Millimeter-wave Signals , 2020, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[15]  James Bailey,et al.  Adversarial Camouflage: Hiding Physical-World Attacks With Natural Styles , 2020, 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[16]  Yingying Chen,et al.  Real-Time, Universal, and Robust Adversarial Attacks Against Speaker Recognition Systems , 2020, IEEE International Conference on Acoustics, Speech, and Signal Processing.

[17]  Siyang Cao,et al.  mm-Pose: Real-Time Human Skeletal Posture Estimation Using mmWave Radars and CNNs , 2019, IEEE Sensors Journal.

[18]  Mani Srivastava,et al.  RadHAR: Human Activity Recognition from Point Clouds Generated through a Millimeter-wave Radar , 2019, mmNets@MobiCom.

[19]  Yao Meng,et al.  Health and Wellness Monitoring Using Intelligent Sensing Technique , 2019, J. Inf. Process. Syst..

[20]  M. Cherniakov,et al.  Implementation of MIMO Beamforming on an OTS FMCW Automotive Radar , 2019, 2019 20th International Radar Symposium (IRS).

[21]  Andrew Markham,et al.  mID: Tracking and Identifying People with Millimeter Wave Radar , 2019, 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS).

[22]  Colin Raffel,et al.  Imperceptible, Robust, and Targeted Adversarial Examples for Automatic Speech Recognition , 2019, ICML.

[23]  Xiaonan Guo,et al.  Device-free Personalized Fitness Assistant Using WiFi , 2018, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[24]  Vladimir Vlassov,et al.  Human Activity Recognition Using Federated Learning , 2018, 2018 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Ubiquitous Computing & Communications, Big Data & Cloud Computing, Social Computing & Networking, Sustainable Computing & Communications (ISPA/IUCC/BDCloud/SocialCom/SustainCom).

[25]  Gierad Laput,et al.  Ubicoustics: Plug-and-Play Acoustic Activity Recognition , 2018, UIST.

[26]  Stéphane Lecoeuche,et al.  Kinematic Spline Curves: A temporal invariant descriptor for fast action recognition , 2018, Image Vis. Comput..

[27]  Yutaka Arakawa,et al.  GIFT: Glove for Indoor Fitness Tracking System , 2018, 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[28]  Seyed-Mohsen Moosavi-Dezfooli,et al.  Universal Adversarial Perturbations , 2016, 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[29]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[30]  Seyed-Mohsen Moosavi-Dezfooli,et al.  DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[31]  Ohbyung Kwon,et al.  Acoustic Sensor Based Recognition of Human Activity in Everyday Life for Smart Home Services , 2015, Int. J. Distributed Sens. Networks.

[32]  Geoffrey E. Hinton,et al.  Distilling the Knowledge in a Neural Network , 2015, ArXiv.

[33]  Jie Yang,et al.  E-eyes: device-free location-oriented activity identification using fine-grained WiFi signatures , 2014, MobiCom.

[34]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.

[35]  Bülent Sankur,et al.  Graph-based analysis of physical exercise actions , 2013, MIIRH '13.

[36]  Xinwen Fu,et al.  A New Replay Attack Against Anonymous Communication Networks , 2008, 2008 IEEE International Conference on Communications.

[37]  Yingying Chen,et al.  Smart Health mPose : Environment- and subject-agnostic 3D skeleton posture reconstruction leveraging a single mmWave device , 2021 .

[38]  Luis A. Leiva,et al.  Pantomime , 2021, Proc. ACM Interact. Mob. Wearable Ubiquitous Technol..

[39]  Chris D. Nugent,et al.  Fuzzy cloud-fog computing approach application for human activity recognition in smart homes , 2020, J. Intell. Fuzzy Syst..