计算机工程2024,Vol.50Issue(10):228-239,12.DOI:10.19678/j.issn.1000-3428.0068371
基于深度学习的指纹室内定位对抗样本攻击研究
Study on Adversarial Sample Attacks on Deep Learning Based Fingerprinting Indoor Localization
摘要
Abstract
This study investigated adversarial attacks on Deep Learning(DL)based Wi-Fi fingerprint indoor positioning systems,which have significantly improved indoor localization performance by effectively extracting deep features from Received Signal Strength(RSS)fingerprint data.However,such methods require a large and diverse dataset of RSS fingerprint data for model training.Furthermore,there is a lack of sufficient research on their security vulnerabilities stemming from the openness of wireless Wi-Fi media and inherent flaws in classifiers,such as susceptibility to adversarial attacks.To address this issue,we researched adversarial attacks on DL based RSS fingerprint indoor positioning systems.Herein,we proposed an adversarial sample attack framework based on Wi-Fi fingerprint indoor positioning.Furthermore,we utilized this framework to assess the impact of adversarial attacks on the performance of DL based RSS fingerprint indoor positioning models.The framework consists of two phases:offline training and online positioning.In the offline training phase,we designed a Conditional Generative Adversarial Network(CGAN)suitable for augmenting Wi-Fi RSS fingerprint data to generate a large and diverse dataset for training robust indoor positioning DL models.In the online positioning phase,we constructed the most potent first-order attack strategy to generate effective RSS fingerprint adversarial samples and studied the impact of adversarial attacks on different indoor positioning DL models.Experimental results on the publicly available UJIIndoorLoc dataset showed that the adversarial samples generated by the proposed framework achieved average attack success rates of 94.1%,63.75%,43.45%,and 72.5%on existing fingerprint indoor positioning models based on Convolutional Neural Network(CNN),Deep Neural Network(DNN),Multilayer Perceptron(MLP),and pixeldp_CNN,respectively.Furthermore,the average attack success rates on the fingerprint indoor positioning models trained with data augmented by the CGAN were 84.95%,44.8%,15.7%,and 11.5%for CNN,DNN,MLP,and pixeldp_CNN,respectively.Therefore,existing DL based fingerprint indoor positioning models were susceptible to adversarial sample attacks.The models trained using a mixture of real and augmented data exhibited better robustness when encountering adversarial sample attacks.关键词
室内定位/条件生成对抗网络/对抗攻击/深度学习/鲁棒性Key words
indoor localization/Conditional Generative Adversarial Network(CGAN)/adversarial attack/Deep Learning(DL)/robustness分类
信息技术与安全科学引用本文复制引用
张学军,席阿友,加小红,张斌,李梅,杜晓刚,黄海燕..基于深度学习的指纹室内定位对抗样本攻击研究[J].计算机工程,2024,50(10):228-239,12.基金项目
国家自然科学基金(61762058,62366029) (61762058,62366029)
甘肃省自然科学基金(21JR7RA282,23JRRA855) (21JR7RA282,23JRRA855)
甘肃省教育厅产业支撑项目(2022CYZC-38) (2022CYZC-38)
兰州交通大学校青年科学基金(2023006,2023008). (2023006,2023008)
