Evasion Attacks and Countermeasures in Deep Learning-Based Wi-Fi Gesture Recognition


Yin, Guolin ORCID: 0009-0004-4031-8547, Zhang, Junqing ORCID: 0000-0002-3502-2926, Yi, Xinping ORCID: 0000-0001-5163-2364 and Wang, Xuyu ORCID: 0000-0002-4759-8674 (2025) Evasion Attacks and Countermeasures in Deep Learning-Based Wi-Fi Gesture Recognition. IEEE Transactions on Mobile Computing, 24 (9). pp. 8180-8195. ISSN 1536-1233, 1558-0660

[thumbnail of TMC2025_WiFi_Sensing_Adversarial_Attack.pdf] Text
TMC2025_WiFi_Sensing_Adversarial_Attack.pdf - Author Accepted Manuscript
Available under License Creative Commons Attribution.
Download (1MB) | Preview

Abstract

Deep learning-based Wi-Fi sensing has received massive interest thanks to the prevalence of Wi-Fi technology. While deep learning techniques provide promising results in Wi-Fi sensing, there are only very few studies on the vulnerabilities against Wi-Fi ensing. In this paper, we studied evasion attacks against deep learning-based Wi-Fi sensing and the countermeasure and conducted an extensive experimental evaluation using two publicly available datasets, namely SignFi and Widar. Accordingly, we proposed three white-box and two black-box attacks and revealed that even with an undetectable power change, evasion attacks can achieve a remarkable attack success rate (ASR) of 97.0% and 95.6% in white-box and black-box settings, respectively. These results highlight the urgent need for countermeasures against evasion attacks in Wi-Fi sensing systems. We introduced adversarial training and randomised smoothing, which notably improved the robustness of the Wi-Fi sensing model. The ASRs for white-box and black-box attacks were reduced to a minimum of around 6% and 2%, respectively. Moreover, randomised smoothing also introduced certifiable robustness, achieving 70.1% of samples certified for our model. The certification method provides an additional layer of reliability, ensuring that the model’s performance remains consistent and predictable even under adversarial conditions.

Item Type: Article
Uncontrolled Keywords: 4605 Data Management and Data Science, 46 Information and Computing Sciences, Machine Learning and Artificial Intelligence, Networking and Information Technology R&D (NITRD)
Divisions: Faculty of Science and Engineering
Faculty of Science and Engineering > School of Electrical Engineering, Electronics and Computer Science
Depositing User: Symplectic Admin
Date Deposited: 31 Mar 2025 08:33
Last Modified: 09 Sep 2025 22:32
DOI: 10.1109/tmc.2025.3557757
Related Websites:
URI: https://livrepository.liverpool.ac.uk/id/eprint/3191078
Altmetric
CORE (COnnecting REpositories)