Towards Trustworthy Wi-Fi CSI-based Sensing: Systematic Evaluation of Adversarial Robustness

TL;DR

This paper systematically evaluates the adversarial robustness of various CSI-based human sensing models, revealing task-dependent vulnerabilities and emphasizing the importance of physical constraints for secure wireless sensing.

Contribution

It provides a comprehensive robustness analysis across multiple architectures and datasets, highlighting the limited correlation between model capacity and robustness, and proposing physical signal constraints as an effective defense.

Findings

Simple architectures are more robust than complex ones.

HAR is highly vulnerable, HID shows inherent resistance.

Physical constraints significantly reduce attack success rates.

Abstract

Machine learning drives Channel State Information (CSI)-based human sensing in modern wireless networks, enabling applications like device-free human activity recognition (HAR) and identification (HID). However, the susceptibility of these models to adversarial perturbations raises security concerns that must be quantified prior to edge deployment. We present a systematic robustness evaluation of five diverse CSI architectures across four public datasets, jointly analyzing white-box, black-box transfer, and universal attacks, together with defense strategies, under unconstrained and physics-guided perturbation boundaries. Contrary to prior assumptions, our experiments reveal that model capacity does not guarantee robustness; simple architectures consistently exhibit superior resilience compared to high-capacity sequence and vision models. Furthermore, vulnerability is fundamentally task-dependent, with HAR proving highly susceptible to attack, while HID demonstrates stark inherent resistance. Crucially, enforcing physical signal constraints drastically reduces attack success rates and significantly taxes attacker computation, showing that standard unconstrained feature-space attacks substantially overestimate real-world Over-The-Air vulnerabilities. By synthesizing attack, defense, and security metrics with strict edge hardware considerations, this work establishes foundational design principles for secure, deployable, and physically realizable wireless sensing systems.