| Citation: | ZHANG Xuejun, BAO Junda, HE Fucun, et al. A fingerprint indoor localization method against adversarial sample attacks[J]. Journal of Beijing University of Aeronautics and Astronautics, 2022, 48(11): 2087-2101. doi: 10.13700/j.bh.1001-5965.2021.0789(in Chinese)
|
With the development of urban intelligence, the indoor positioning services based on WiFi received signal strength (RSS) have attracted extensive attention of society. The deep learning technology is a powerful method to achieve high indoor positioning performance using RSS signal. However, it is vulnerable to adversarial sample attack, which brings serious security risks to the indoor positioning system. In this paper, we propose a deep learning based fingerprint indoor localization method using WiFi RSS against adversarial samples attack (AdvILoc), leveraging the research and analysis of anti-sample defense methods in the field of image recognition. The AdvILoc defend against adversarial samples attack through adding a polling layer, a full connection layer, and a noise layer with differential privacy to the fingerprint indoor positioning deep learning model, which contemplates the characteristics of single and dimension of RSS signals. It also solves the problem of overfitting and weak generalization of deep learning based fingerprint indoor localization model. Meanwhile, the robustness of the model against adversarial samples attack is improved by adding a Dropout layer and designing the parameters regularization of model. The experimental results on two real indoor RSS fingerprint datasets show that, compared with the existing indoor localization methods based on multi-layer perception (MLP) and convolution neural network (CNN), the AdvILoc improves the robustness of the localization model against adversarial samples attack without compromising the localization performance. Additionally, under the C&W attack that meets the
| [1] |
钱堃, 张新宇, 杨铮, 等. 基于离开角的商用毫米波设备定位方法研究[J]. 中国科学: 信息科学, 2021, 51(1): 122-138. https://www.cnki.com.cn/Article/CJFDTOTAL-PZKX202101009.htm
QIAN K, ZHANF X Y, YANG Z, et al. AoD-based localization with cots millimeter-wave device[J]. Scientia Sinica Informationis, 2021, 51(1): 122-138(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-PZKX202101009.htm
|
| [2] |
石柯, 宋小妹, 王信达, 等. 多传感器辅助的WiFi信号指纹室内定位技术[J]. 软件学报, 2019, 30(11): 3457-3468. https://www.cnki.com.cn/Article/CJFDTOTAL-RJXB201911015.htm
SHI K, SONG X M, WANG X D, et al. Multi-sensor assisted WiFi signal fingerprint based indoor positioning technology[J]. Journal of Software, 2019, 30(11): 3457-3468(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-RJXB201911015.htm
|
| [3] |
ZHANG L, LIU X, SONG J. A comprehensive study of bluetooth fingerprinting-based algorithms for localization[C]//Procee-dings of the 27th International Conference on Advanced Information Networking and Applications Workshops. Piscataway: IEEE Press, 2013: 300-305.
|
| [4] |
LEE S, HA K N, LEE K C. A pyroelectric infrared sensor-based indoor location-aware system for the smart home[J]. IEEE Transactions on Consumer Electronics, 2006, 52(4): 1311-1317. doi: 10.1109/TCE.2006.273150
|
| [5] |
GONZÁLEZ E, PRADOS L, RUBIO A J. ATLINTIDA: A robust indoor ultrasound location system: Design and evaluation[C]// Proceeding of the 3rd Symposium of Ubiquitous Computing and Ambient Intelligence. Berlin: Springer, 2009, 51: 180-190.
|
| [6] |
BAHL P, PADMANABHAN V N. RADAR: An in-building RF-based user location and tracking system[C]//Proceedings of the IEEE Conference on Computer Communications. Piscataway: IEEE Press, 2000: 775-784.
|
| [7] |
HSIEH C H, CHEN J Y, NIEN B H. Deep learning-based indoor localization using received signal strength and channel state information[J]. IEEE Access, 2019, 7: 33256-33267. doi: 10.1109/ACCESS.2019.2903487
|
| [8] |
WANG X Y, WANG X Y, MAO S W. Deep convolution neural networks for indoor localization with CSI images[J]. IEEE Transactions on Network Science and Engineering, 2020, 7(1): 316-327. doi: 10.1109/TNSE.2018.2871165
|
| [9] |
张学军, 何福存, 盖继扬, 等. 边缘计算下指纹室内定位差分私有联邦学习模型[J/OL]. 计算机研究与发展, 2022(2022-02-11). https://kns.cnki.net/kcms/detail/11.1777.TP.20220211.1039.004.html.
ZHANG X J, HE F C, GAI J Y, et al. Differential federated learning model for indoor fingerprint location under edge calculation[J/OL]. Journal of Computer Research and Development, 2022(2022-02-11). http://kns.cnki.net/kcms/detail/11.1777.TP.20220211.1039.004.html(in Chinese).
|
| [10] |
PATIL M, WANG X, WANG X, et al. Adversarial attacks on deep learning-based floor classification and indoor localization[C]//Proceeding of the 3rd ACM Workshop on Wireless Security and Machine Learning. New York: ACM, 2021: 7-12.
|
| [11] |
钱亚冠, 张锡敏, 王滨, 等. 基于二节对抗样本的对抗训练防御[J]. 电子与信息学报, 2021, 43(11): 3367-3373. https://www.cnki.com.cn/Article/CJFDTOTAL-DZYX202111034.htm
QIAN Y G, ZHANG X M, WANG B, et al. Adversarial training defense based on second-order adversarial examples[J]. Journal of Electronics & Information Technology, 2021, 43(11): 3367-3373(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-DZYX202111034.htm
|
| [12] |
刘西蒙, 谢乐辉, 王耀鹏, 等. 深度学习中的对抗攻击与防御[J]. 网络与信息安全学报, 2020, 6(5): 36-53. https://www.cnki.com.cn/Article/CJFDTOTAL-WXAQ202005005.htm
LIU X M, XIE L H, WANG Y P, et al. Adversarial attacks and defenses in deep learning[J]. Chinese Journal of Network and Information Security, 2020, 6(5): 36-53(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-WXAQ202005005.htm
|
| [13] |
王滨, 郭艳凯, 钱亚冠, 等. 针对卷积神经网络流量分类器的对抗样本攻击防御[J]. 信息安全学报, 2022, 7(1): 145-156. https://www.cnki.com.cn/Article/CJFDTOTAL-XAXB202201010.htm
WANG B, GUO Y K, QIAN Y G, et al. Defense against sample attack against convolutional neural network traffic classifier[J]. Journal of Information Security, 2022, 7(1): 145-156(in Chinese). https://www.cnki.com.cn/Article/CJFDTOTAL-XAXB202201010.htm
|
| [14] |
XIE C, WANG J, ZHANG Z, et al. Mitigating adversarial effects through randomization[C]//Proceeding of 6th International Conference on Learning Representations, 2018: 1-16.
|
| [15] |
LIU X, LI Y, WU C, et al. Adv-BNN: Improved adversarial defense through robust Bayesian neural network[EB/OL]. (2019-05-04)[2021-12-25]. https://arxiv.org/abs/1810.01279.
|
| [16] |
LECUYER M, ATLIDAKIS V, GEAMBASU R, et al. Certified robustness to adversarial examples with differential privacy[C]//Proceedings of the 2019 IEEE Symposium on Security and Privacy. Piscataway: IEEE Press, 2019: 656-672.
|
| [17] |
CARLINI N, WAGNER D. Towards evaluating the robustness of neural networks[C]//Proceedings of the 2017 IEEE Symposium on Security and Privacy. Piscataway: IEEE Press, 2017: 39-57.
|
| [18] |
SHI Y, WANG S, HAN Y. Curls & Whey: Boosting black-box adversarial attacks[C]//2019 IEEE Conference on Computer Vision and Pattern Recognition. Piscataway: IEEE Press, 2019: 6519-6527.
|
| [19] |
DWORK C, ROTH A. The algorithmic foundations of differential privacy[J]. Foundations and Trends in Theoretical Computer Science, 2014, 9(3-4): 211-407.
|
| [20] |
BENESTY J, CHEN J, HUANG Y, et al. Pearson correlation coefficient[M]//COHEN I, HUANG Y, CHEN J, et al. Noise reduction in speech processing. Berlin: Springer, 2009: 1-4.
|
| [21] |
JIANG X, CHEN Y, LIU J. FSELM: Fusion semi-supervised extreme learning machine for indoor localization with Wi-Fi and bluetooth fingerprints[J]. Soft Computing, 2018, 22(6): 3621-3635.
|
| [22] |
TORRES-SOSPEDRA J. UJIIndoorLoc: A new multi-building and multi-floor database for WLAN fingerprint-based indoor localization problems[C]//Proceeding of 2014 International Conference on Indoor Positioning and Indoor Navigation. Piscataway: IEEE Press, 2014: 261-270.
|
| [23] |
JIANG X, LIU J, CHEN Y. Feature adaptive online sequential extreme learning machine for lifelong indoor localization[J]. Neural Computing and Applications, 2016, 27(1): 215-225.
|
| [24] |
STYAN G P H. Hadamard products and multivariate statistical analysis[J]. Linear Algebra and Its Applications, 1973, 6: 217-240.
|
| [25] |
WONG E, KOLTER Z. Provable defenses against adversarial examples via the convex outer adversarial polytope[C]//35th International Conference on Machine Learning, 2018: 5286-5295.
|
| [26] |
RAGHUNATHAN A, STEINHARDT J, LIANG P. Certified defenses against adversarial examples[EB/OL]. (2020-10-31)[2021-12-25]. https://arxiv.org/abs/1801.09344v1.
|
| [27] |
DVIJOTHAM K, GOWAL S, STANFORTH R, et al. Training verified learners with learned verifiers[EB/OL]. (2018-05-29)[2021-12-25]. https://arxiv.org/abs/1805.10265v1.
|
Figures(13) / Tables(4)
Copyright © Journal of Beijing University of Aeronautics and Astronautics
Address: Editorial Department of Journal of Beijing University of Aeronautics and Astronautics, 37 Xueyuan Road, Haidian District, Beijing Post Code: 100191 Email: jbuaa@buaa.edu.cn
Supported by:
Beijing Renhe Information Technology Co., Ltd.
DownLoad:
