WiCAM2.0: Imperceptible and Targeted Attack on Deep Learning based WiFi Sensing

With the widespread adoption of deep learning models in wireless sensing, substantial efforts have been made to develop sophisticated models that improve the accuracy and performance of sensing applications. However, the exploration of potential vulnerabilities in deep learning models has been limited, with existing studies primarily focusing on evaluating wireless adversarial performance in communication or sensing alone. Moreover, there is a lack of a comprehensive definition for attack imperceptibility. In this article, we come up with a definition of the wireless attack imperceptibility for both communication and sensing. Our objective is to create an adversarial perturbation capable of degrading WiFi sensing performance while preserving WiFi communication integrity. To achieve this, we propose WiCAM2.0 to reveal the temporal and spatial attention of a deep neural network, capturing the crucial portions of its input. Then, we design a mask to confine adversarial perturbations in the attended parts only, minimizing the impact on WiFi communication. WiCAM2.0 is a general adversarial framework that integrates adversarial methods such as the Fast Gradient Sign Method and Projected Gradient Descent to generate perturbations, capable of initiating both non-targeted and targeted attacks. We carry out experiments on three popular WiFi sensing applications, including human activity recognition, gesture recognition, and user identification. Extensive experiments are conducted on both public datasets and self-collected datasets.