Dynamic Black-box Backdoor Attacks on IoT Sensory Data

Sensor data-based recognition systems are widely used in various applications, such as gait-based authentication and human activity recognition (HAR). Modern wearable and smart devices feature various built-in Inertial Measurement Unit (IMU) sensors, and such sensor-based measurements can be fed to a machine learning-based model to train and classify human activities. While deep learning-based models have proven successful in classifying human activity and gestures, they pose various security risks. In our paper, we discuss a novel dynamic trigger-generation technique for performing black-box adversarial attacks on sensor data-based IoT systems. Our empirical analysis shows that the attack is successful on various datasets and classifier models with minimal perturbation on the input data. We also provide a detailed comparative analysis of performance and stealthiness to various other poisoning techniques found in backdoor attacks. We also discuss some adversarial defense mechanisms and their impact on the effectiveness of our trigger-generation technique.

Key Contributions

• Novel dynamic trigger-generation framework for black-box backdoor attacks on IMU-based sensor data classifiers
• Empirical evaluation across multiple HAR/gait datasets and classifier models demonstrating high attack success with minimal input perturbation
• Comparative stealthiness and performance analysis against existing poisoning-based backdoor techniques, including evaluation of adversarial defenses

🛡️ Threat Analysis

Details

Similar Papers