Dynamic Black-box Backdoor Attacks on IoT Sensory Data

TL;DR

This paper introduces a novel dynamic trigger-generation technique for black-box backdoor attacks on IoT sensor data systems, demonstrating high success rates with minimal perturbation and analyzing defenses.

Contribution

The paper presents a new dynamic trigger-generation method for black-box backdoor attacks on IoT sensor data, with comprehensive empirical evaluation and comparison to existing poisoning techniques.

Findings

Attack successful on various datasets and classifiers

Minimal perturbation required for effective attack

Analysis of defense mechanisms' impact

Abstract

Sensor data-based recognition systems are widely used in various applications, such as gait-based authentication and human activity recognition (HAR). Modern wearable and smart devices feature various built-in Inertial Measurement Unit (IMU) sensors, and such sensor-based measurements can be fed to a machine learning-based model to train and classify human activities. While deep learning-based models have proven successful in classifying human activity and gestures, they pose various security risks. In our paper, we discuss a novel dynamic trigger-generation technique for performing black-box adversarial attacks on sensor data-based IoT systems. Our empirical analysis shows that the attack is successful on various datasets and classifier models with minimal perturbation on the input data. We also provide a detailed comparative analysis of performance and stealthiness to various other poisoning techniques found in backdoor attacks. We also discuss some adversarial defense mechanisms and their impact on the effectiveness of our trigger-generation technique.