| 抵御对抗样本攻击的指纹室内定位方法 |
| |
| 引用本文: | 张学军,鲍俊达,何福存,盖继扬,田丰,黄海燕.抵御对抗样本攻击的指纹室内定位方法[J].北京航空航天大学学报,2022,48(11):2087-2101. |
| |
| 作者姓名: | 张学军 鲍俊达 何福存 盖继扬 田丰 黄海燕 |
| |
| 作者单位: | 1.兰州交通大学 电子与信息工程学院, 兰州 730070 |
| |
| 基金项目: | 国家自然科学基金61762058国家自然科学基金61901201兰州交通大学百人青年人才培养计划甘肃省自然科学基金21JR7RA282甘肃省高等学校产业支撑计划2022CYZC-38中央高校基本科研业务费专项资金GK202103090陕西省自然科学基础研究计划2022JM-329 |
| |
| 摘 要: | 随着城市智能化的发展, 基于WiFi接收信号强度(RSS)的指纹室内定位服务受到社会的广泛关注。深度学习技术是利用RSS信号获得高室内定位性能的一种重要手段, 但其易遭受对抗样本攻击, 给定位系统带来严重安全隐患。为此, 提出了一种抵御对抗样本攻击的基于深度学习的RSS指纹室内定位方法(AdvILoc)。该方法基于图像识别领域对抗样本防御方法的研究和分析, 结合室内RSS指纹数据特征单一且高维的特点, 通过在RSS指纹室内定位深度学习模型中添加池化层、全连接层, 以及满足差分隐私的噪声层来抵御对抗样本攻击, 解决了基于深度学习的室内定位模型易过拟合且泛化能力不高的问题。通过添加Dropout层, 以及设计模型参数正则化方法, 提高模型抵御对抗样本攻击的鲁棒性。在2个真实RSS指纹室内定位数据集上的实验结果表明:与已有基于多层感知机(MLP)、卷积神经网络(CNN)的RSS指纹室内定位方法相比, 所提方法在保证时间开销和基本不影响定位模型性能的情况下, 提高了模型抵御对抗样本攻击的鲁棒性;在满足l2范式规范的C&W攻击下, 随着攻击大小不断增大, 模型的定位准确率下降也更平稳。
|
| 关 键 词: | 室内定位 对抗样本 深度学习 C&W攻击 差分隐私 |
| 收稿时间: | 2021-12-28 |
A fingerprint indoor localization method against adversarial sample attacks |
| |
| Institution: | 1.School of Electronic and Information Engineering, Lanzhou Jiaotong University, Lanzhou 730070, China2.School of Computer Science, Shaanxi Normal University, Xi'an 710062, China |
| |
| Abstract: | With the development of urban intelligence, the indoor positioning services based on WiFi received signal strength (RSS) have attracted extensive attention of society. The deep learning technology is a powerful method to achieve high indoor positioning performance using RSS signal. However, it is vulnerable to adversarial sample attack, which brings serious security risks to the indoor positioning system. In this paper, we propose a deep learning based fingerprint indoor localization method using WiFi RSS against adversarial samples attack (AdvILoc), leveraging the research and analysis of anti-sample defense methods in the field of image recognition. The AdvILoc defend against adversarial samples attack through adding a polling layer, a full connection layer, and a noise layer with differential privacy to the fingerprint indoor positioning deep learning model, which contemplates the characteristics of single and dimension of RSS signals. It also solves the problem of overfitting and weak generalization of deep learning based fingerprint indoor localization model. Meanwhile, the robustness of the model against adversarial samples attack is improved by adding a Dropout layer and designing the parameters regularization of model. The experimental results on two real indoor RSS fingerprint datasets show that, compared with the existing indoor localization methods based on multi-layer perception (MLP) and convolution neural network (CNN), the AdvILoc improves the robustness of the localization model against adversarial samples attack without compromising the localization performance. Additionally, under the C&W attack that meets the l2-normal form specification, the localization accuracy of the model also decreases more smoothly with the increment of the attack size. |
| |
| Keywords: | |
|
| 点击此处可从《北京航空航天大学学报》浏览原始摘要信息 |
| 点击此处可从《北京航空航天大学学报》下载免费的PDF全文 |
|
