Adversarial Robustness of Near-Field Millimeter-Wave Imaging under Waveform-Domain Attacks

TL;DR

This paper systematically examines the security vulnerabilities of near-field mmWave imaging systems against waveform-domain physical attacks, revealing significant susceptibility and proposing a differential attack framework.

Contribution

It introduces a practical white-box adversarial model, develops a differential imaging attack framework, and provides empirical evidence of vulnerabilities in various imaging algorithms.

Findings

mmWave imaging is highly vulnerable to waveform attacks

Deep-learning algorithms show higher robustness than classical methods

Attack enables concealment or alteration of targets with moderate power

Abstract

Near-field millimeter-wave (mmWave) imaging is widely deployed in safety-critical applications such as airport passenger screening, yet its own security remains largely unexplored. This paper presents a systematic study of the adversarial robustness of mmWave imaging algorithms under waveform-domain physical attacks that directly manipulate the image reconstruction process. We propose a practical white-box adversarial model and develop a differential imaging attack framework that leverages the differentiable imaging pipeline to optimize attack waveforms. We also construct a real measured dataset of clean and attack waveforms using a mmWave imaging testbed. Experiments on 10 representative imaging algorithms show that mmWave imaging is highly vulnerable to such attacks, enabling an adversary to conceal or alter targets with moderate transmission power. Surprisingly, deep-learning-based imaging algorithms demonstrate higher robustness than classical algorithms. These findings expose critical security risks and motivate the development of robust and secure mmWave imaging systems.