Label Flipping Data Poisoning Attack Against Wearable Human Activity Recognition System
Published in | 2022 IEEE Symposium Series on Computational Intelligence (SSCI) pp. 908 - 914 |
---|---|
Main Authors | Shahid, Abdur R.; Imteaj, Ahmed; Wu, Peter Y.; Igoche, Diane A.; Alam, Tauhidul |
Format | Conference Proceeding |
Language | English |
Published | IEEE 04.12.2022 |
DOI | 10.1109/SSCI51031.2022.10022015 |
Abstract | Human Activity Recognition (HAR) is a problem of interpreting sensor data to human movement using an efficient machine learning (ML) approach. The HAR systems rely on data from untrusted users, making them susceptible to data poisoning attacks. In a poisoning attack, attackers manipulate the sensor readings to contaminate the training set, misleading the HAR to produce erroneous outcomes. This paper presents the design of a label flipping data poisoning attack for a HAR system, where the label of a sensor reading is maliciously changed in the data collection phase. Due to high noise and uncertainty in the sensing environment, such an attack poses a severe threat to the recognition system. Besides, vulnerability to label flipping attacks is dangerous when activity recognition models are deployed in safety-critical applications. This paper sheds light on how to carry out the attack in practice through smartphone-based sensor data collection applications. This is an earlier research work, to our knowledge, that explores attacking the HAR models via label flipping poisoning. We implement the proposed attack and test it on activity recognition models based on the following machine learning algorithms: multi-layer perceptron, decision tree, random forest, and XGBoost. Finally, we evaluate the effectiveness of a K-nearest neighbors (KNN)-based defense mechanism against the proposed attack. |
---|---|
Author | Shahid, Abdur R. (Robert Morris University, Department of Computer and Information Systems, Moon, PA, USA; shahid@rmu.edu); Imteaj, Ahmed (Southern Illinois University, School of Computing, Carbondale, IL, USA; ahmed.imteaj@siu.edu); Wu, Peter Y. (Robert Morris University, Department of Computer and Information Systems, Moon, PA, USA; wu@rmu.edu); Igoche, Diane A. (Robert Morris University, Department of Computer and Information Systems, Moon, PA, USA; igoche@rmu.edu); Alam, Tauhidul (Louisiana State University Shreveport, Department of Computer Science, Shreveport, LA, USA; talam@lsus.edu) |
EISBN | 9781665487689 1665487682 |
SubjectTerms | adversarial machine learning; Crowdsensing; Data collection; data poisoning attack; Deep learning; human activity recognition; Machine learning algorithms; Sensors; Training; Uncertainty; wearables |
URI | https://ieeexplore.ieee.org/document/10022015 |