WiCAM: Imperceptible Adversarial Attack on Deep Learning based WiFi Sensing

With the popularization of deep learning models in wireless sensing, researchers have made considerable efforts to construct sophisticated models to improve the accuracy of related applications. But very few studies have addressed the potential vulnerabilities of deep models, and existing works evaluate wireless adversarial performance only in communication or sensing. None of them has a comprehensive definition of attack imperceptibility. In this paper, we come up with a definition of the wireless attack imperceptibility for both communication and sensing. Our goal is to craft an adversarial perturbation, which can degrade the performance of WiFi sensing without compromising WiFi communication. To achieve this goal, we propose WiCAM to reveal the temporal and spatial attention of a DNN, capturing the crucial portions of its input. Then we design a mask to limit adversarial perturbation in the attended parts only, and thus the impact of the attack on WiFi communication is minimized WiCAM is a general adversarial framework that can integrate existing adversarial methods such as FGSM and PGD to generate perturbations. We carry out experiments on three popular WiFi sensing applications, including human activity recognition, gesture recognition, and user identification. Extensive experiments are conducted on both public datasets and self-collected datasets. The results show that when declining the accuracy of a target model below 50%, WiCAM can reduce the impact on communication in terms of BER by up to 77.78% in QAM-64, compared to the common adversarial methods.