Study on Adversarial Sample Attacks on Deep Learning Based Fingerprinting Indoor Localization
OA; Peking University Core Journal; CSTPCD
This study investigated adversarial attacks on Deep Learning (DL)-based Wi-Fi fingerprint indoor positioning systems, which have significantly improved indoor localization performance by effectively extracting deep features from Received Signal Strength (RSS) fingerprint data. However, such methods require a large and diverse dataset of RSS fingerprint data for model training. Furthermore, there is a lack of sufficient research on their security vulnerabilities, which stem from the openness of the wireless Wi-Fi medium and inherent flaws in classifiers, such as susceptibility to adversarial attacks. To address this issue, we researched adversarial attacks on DL-based RSS fingerprint indoor positioning systems. We proposed an adversarial sample attack framework based on Wi-Fi fingerprint indoor positioning and used this framework to assess the impact of adversarial attacks on the performance of DL-based RSS fingerprint indoor positioning models. The framework consists of two phases: offline training and online positioning. In the offline training phase, we designed a Conditional Generative Adversarial Network (CGAN) suitable for augmenting Wi-Fi RSS fingerprint data to generate a large and diverse dataset for training robust indoor positioning DL models. In the online positioning phase, we constructed the most potent first-order attack strategy to generate effective RSS fingerprint adversarial samples and studied the impact of adversarial attacks on different indoor positioning DL models. Experimental results on the publicly available UJIIndoorLoc dataset showed that the adversarial samples generated by the proposed framework achieved average attack success rates of 94.1%, 63.75%, 43.45%, and 72.5% on existing fingerprint indoor positioning models based on Convolutional Neural Network (CNN), Deep Neural Network (DNN), Multilayer Perceptron (MLP), and pixeldp_CNN, respectively. Furthermore, the average attack success rates on the fingerprint indoor positioning models trained with data augmented by the CGAN were 84.95%, 44.8%, 15.7%, and 11.5% for CNN, DNN, MLP, and pixeldp_CNN, respectively. Therefore, existing DL-based fingerprint indoor positioning models were susceptible to adversarial sample attacks. The models trained using a mixture of real and augmented data exhibited better robustness when encountering adversarial sample attacks.
张学军;席阿友;加小红;张斌;李梅;杜晓刚;黄海燕
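School of Electronic and Information Engineering, Lanzhou Jiaotong University, Lanzhou 730070, Gansu; School of Electronic Information and Artificial Intelligence, Shaanxi University of Science and Technology, Xi'an 710021, Shaanxi
Computer Science and Automation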
indoor localization; Conditional Generative Adversarial Network (CGAN); adversarial attack; Deep Learning (DL); robustness
Computer Engineering (《计算机工程》), 2024 (010)
228-239 / 12
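National Natural Science Foundation of China (61762058, 62366029); Natural Science Foundation of Gansu Province (21JR7RA282, 23JRRA855); Industry Support Project of the Gansu Provincial Department of Education (2022CYZC-38); Youth Science Foundation of Lanzhou Jiaotong University (2023006, 2023008).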