Adversarial Transferability in Wearable Sensor Systems

TL;DR

This paper investigates how adversarial examples in wearable sensor systems transfer across different models, subjects, sensor locations, and datasets, revealing factors that influence transferability and offering guidelines for robustness.

Contribution

It is the first comprehensive study on adversarial transferability in wearable sensor systems across multiple dimensions and conditions.

Findings

Strong untargeted transferability observed in most cases

Targeted attack success rates ranged from 0% to 80%

Transferability decreases with increasing data distribution differences

Abstract

Machine learning is used for inference and decision making in wearable sensor systems. However, recent studies have found that machine learning algorithms are easily fooled by the addition of adversarial perturbations to their inputs. What is more interesting is that adversarial examples generated for one machine learning system is also effective against other systems. This property of adversarial examples is called transferability. In this work, we take the first stride in studying adversarial transferability in wearable sensor systems from the following perspectives: 1) transferability between machine learning systems, 2) transferability across subjects, 3) transferability across sensor body locations, and 4) transferability across datasets. We found strong untargeted transferability in most cases. Targeted attacks were less successful with success scores from $0\%$ to $80\%$. The transferability of adversarial examples depends on many factors such as the inclusion of data from all subjects, sensor body position, number of samples in the dataset, type of learning algorithm, and the distribution of source and target system dataset. The transferability of adversarial examples decreases sharply when the data distribution of the source and target system becomes more distinct. We also provide guidelines for the community for designing robust sensor systems.