Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Differentially Private Integrated Decision Gradients (IDG-DP) for Radar-based Human Activity Recognition

Idris Zakariyya, Linda Tran, Kaushik Bhargav Sivangi, Paul Henderson, Fani Deligianni

TL;DR

This study investigates privacy vulnerabilities in radar-based Human Activity Recognition (HAR) systems and proposes a novel method for privacy preservation using Differential Privacy (DP) driven by attributions derived with Integrated Decision Gradient (IDG) algorithm.

Abstract

Human motion analysis offers significant potential for healthcare monitoring and early detection of diseases. The advent of radar-based sensing systems has captured the spotlight for they are able to operate without physical contact and they can integrate with pre-existing Wi-Fi networks. They are also seen as less privacy-invasive compared to camera-based systems. However, recent research has shown high accuracy in recognizing subjects or gender from radar gait patterns, raising privacy concerns. This study addresses these issues by investigating privacy vulnerabilities in radar-based Human Activity Recognition (HAR) systems and proposing a novel method for privacy preservation using Differential Privacy (DP) driven by attributions derived with Integrated Decision Gradient (IDG) algorithm. We investigate Black-box Membership Inference Attack (MIA) Models in HAR settings across various levels of attacker-accessible information. We extensively evaluated the effectiveness of the proposed IDG-DP method by designing a CNN-based HAR model and rigorously assessing its resilience against MIAs. Experimental results demonstrate the potential of IDG-DP in mitigating privacy attacks while maintaining utility across all settings, particularly excelling against label-only and shadow model black-box MIA attacks. This work represents a crucial step towards balancing the need for effective radar-based HAR with robust privacy protection in healthcare environments.

Differentially Private Integrated Decision Gradients (IDG-DP) for Radar-based Human Activity Recognition

TL;DR

This study investigates privacy vulnerabilities in radar-based Human Activity Recognition (HAR) systems and proposes a novel method for privacy preservation using Differential Privacy (DP) driven by attributions derived with Integrated Decision Gradient (IDG) algorithm.

Abstract

Human motion analysis offers significant potential for healthcare monitoring and early detection of diseases. The advent of radar-based sensing systems has captured the spotlight for they are able to operate without physical contact and they can integrate with pre-existing Wi-Fi networks. They are also seen as less privacy-invasive compared to camera-based systems. However, recent research has shown high accuracy in recognizing subjects or gender from radar gait patterns, raising privacy concerns. This study addresses these issues by investigating privacy vulnerabilities in radar-based Human Activity Recognition (HAR) systems and proposing a novel method for privacy preservation using Differential Privacy (DP) driven by attributions derived with Integrated Decision Gradient (IDG) algorithm. We investigate Black-box Membership Inference Attack (MIA) Models in HAR settings across various levels of attacker-accessible information. We extensively evaluated the effectiveness of the proposed IDG-DP method by designing a CNN-based HAR model and rigorously assessing its resilience against MIAs. Experimental results demonstrate the potential of IDG-DP in mitigating privacy attacks while maintaining utility across all settings, particularly excelling against label-only and shadow model black-box MIA attacks. This work represents a crucial step towards balancing the need for effective radar-based HAR with robust privacy protection in healthcare environments.

Paper Structure

This paper contains 51 sections, 2 equations, 21 figures, 16 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Background and Related Work
  3. Human Activity Recognition with Radar Technology
  4. Privacy in Human Motion Analysis
  5. Biometrics in Human Motion
  6. Privacy Threats Against DNN Models in HAR
  7. Defense methods against MIA
  8. Privacy-Preservation techniques in HAR
  9. Methods
  10. Problem definition and Threat Model
  11. Multi-Task Network
  12. Integrated Decision Gradients Differential Privacy (IDG-DP)
  13. Evaluation
  14. Dataset and preprocessing
  15. Experimental Setup
  16. ...and 36 more sections

Figures (21)

  • Figure 1: Investigated Threat Models
  • Figure 2: Micro-Doppler spectrograms of a person performing 3 different activities. Unique movement patterns visible in micro-Doppler spectrograms enable both activity and subject recognition.
  • Figure 3: Impact of Different Activity Attribution Thresholds and $\epsilon$ Levels on a 10-Subject HAR Model. (a) average accuracy of HAR across $\epsilon$ values while the attribution threshold varies, (b) Accuracy of HAR across $\epsilon$ values demonstrates the utility-privacy trade-off of the proposed method, (c) Distribution of pixel attributions derived from IDG.
  • Figure 4: Models performance comparison against Label-Only MIA: a) Label Only MIA, attack training size = 25, attack test size = 25, evaluation size = 25, $epsilon = 1.20$ attribution threshold = 0.00025 For Base-DP IG-DP, Sal-DP, IIG-DP, ISG-DP and IDG-DP. noise mask for Optics = 0.50, b) Label Only MIA, attack training size = 40, attack test size = 30, evaluation size = 20, $epsilon = 1.20$ attribution threshold = 0.00025 For IG-DP, Sal-DP, IIG-DP, ISG-DP and IDG-DP. noise mask for Optics = 0.50
  • Figure 5: Multi-Task Network Architecture Summary.
  • ...and 16 more figures