Go to OpenReview Public Article DBLP homepagePoisoning Attacks against Gait-based Identity Recognition
Abstract: Investigating the endogenous vulnerabilities of gait-based identity recognition (GBIR) is extremely important for protecting the privacy information of users stored in smart devices. In this paper, we first elaborate the poisoning attacks against the GBIR to evaluate its robustness, in which the model training process can be deliberately corrupted to manipulate its identity prediction intentionally, e.g., the illegitimate user Alice is misidentified as the targeted legitimate user Bob. To this end, we formulate a bilevel optimization problem to characterize the sequential decision-making interaction process between the attacker and the gait recognizer that is formalized by a sparse representation optimization. Further, we reformulate this NP-hard bilevel problem into a computable mixed integer program to purse a maximum-effectiveness and minimum-cost attack strategy. Finally, we perform experiments on the single- and multi-source datasets to verify the validity of our poisoning attacks in inducing the identity misrecognition.
External IDs:dblp:conf/apsipa/DongPPL23
Loading