Search papers, labs, and topics across Lattice.
This paper introduces IMU-DM-CLIP, a backdoor training technique that utilizes a diffusion model to facilitate trigger-based attacks on human activity recognition (HAR) models. By generating synthetic data through this method, the authors demonstrate that even a minimal backdoor injection rate of 10% can effectively compromise the accuracy of HAR systems. The findings underscore the vulnerabilities in sensor-based applications, highlighting the ease with which malicious actors can exploit these models with limited data manipulation.
A mere 10% backdoor injection can significantly undermine the accuracy of human activity recognition models, revealing critical security vulnerabilities in sensor-based systems.
Sensors are critical components of modern intelligent devices. The proliferation of the Internet of Things (IoT) and wearable mobile devices has enabled the integration of such sensors to monitor the environment and enable users to take predictive actions. Human activity recognition (HAR) is a popular application in which Inertial Measurement Unit (IMU)-based sensors, such as accelerometers and gyroscopes, are used to provide insights into health, training, and medical diagnosis. However, the accuracy of such a model is hindered by the lack of data. The diffusion model-based technique has proven successful in generating synthetic data for training HAR models. In this paper, we propose a backdoor training technique, IMU-DM-CLIP, that leverages a diffusion model to enable trigger-based attacks on HAR models. Our empirical analysis shows that the attack is successful even with a very small backdoor injection rate of 10\% and 10\% of the data guided for the diffusion model.