
Adaptive and Robust Data Poisoning Detection and Sanitization in Wearable IoT Systems using Large Language Models

W. K. M Mithsara, Ning Yang, Ahmed Imteaj, Hussein Zangoti, Abdur R. Shahid

TL;DR

The paper tackles data poisoning in wearable IoT HAR systems by leveraging large language models to detect and sanitize poisoned sensor data in zero-/one-/few-shot settings. It introduces a security-oriented, prompt-driven framework that uses role-play and chain-of-thought reasoning to infer poisoning indicators and generate cleaned data for downstream HAR training, reducing reliance on labeled datasets. Through theoretical metrics and extensive experiments on MotionSense, HHAR, and WISDM, the work demonstrates competitive poisoning detection and sanitization performance, while analyzing trade-offs in communication cost, latency, and privacy. The approach offers interpretability via natural-language justifications and shows promise for real-time, adaptable defenses in dynamic IoT environments, with future work focusing on edge deployment and privacy-preserving techniques.

Abstract

The widespread integration of wearable sensing devices in Internet of Things (IoT) ecosystems, particularly in healthcare, smart homes, and industrial applications, has required robust human activity recognition (HAR) techniques to improve functionality and user experience. Although machine learning models have advanced HAR, they are increasingly susceptible to data poisoning attacks that compromise the data integrity and reliability of these systems. Conventional approaches to defending against such attacks often require extensive task-specific training with large, labeled datasets, which limits adaptability in dynamic IoT environments. This work proposes a novel framework that uses large language models (LLMs) to perform poisoning detection and sanitization in HAR systems, utilizing zero-shot, one-shot, and few-shot learning paradigms. Our approach incorporates "role play" prompting, whereby the LLM assumes the role of an expert to contextualize and evaluate sensor anomalies, and "think step-by-step" reasoning, guiding the LLM to infer poisoning indicators in the raw sensor data and plausible clean alternatives. These strategies minimize reliance on the curation of extensive datasets and enable robust, adaptable defense mechanisms in real time. We perform an extensive evaluation of the framework, quantifying detection accuracy, sanitization quality, latency, and communication cost, thus demonstrating the practicality and effectiveness of LLMs in improving the security and reliability of wearable IoT systems.

Paper Structure

This paper contains 32 sections, 10 equations, 11 figures, 17 tables, 1 algorithm.

Figures (11)

  • Figure 1: Overview of the Threat Model: An adversary introduces manipulated data to poison the model, compromising its performance and accuracy. (A): Normal flow of model training, (B): Model training after an attack with poisoned data.
  • Figure 2: LLM-Driven Secure Wearable IoT: Traditional Defenses suffer from dependency on the curation of trusted datasets, limiting their adaptability and scalability in dynamic environments. We aim to address these limitations with our proposed Large Language Model (LLM)-based defense.
  • Figure 3: Overview of the proposed LLM-based framework for detecting and sanitizing data poisoning in wearable IoT sensor data. The framework enables zero-/one-/few-shot poisoning detection and sanitization with interpretable reasoning and minimal supervision for generating trustworthy datasets and improving the robustness of downstream activity recognition models.
  • Figure 4: One-shot prompt templates for ChatGPT-3.5-turbo, ChatGPT-4.0, and Gemini on the MotionSense (left), HHAR (middle), and WISDM (right) datasets.
  • Figure 5: Poison Detection Accuracy Comparison of Zero-shot, One-shot, and Few-shot Methods for ChatGPT-3.5, ChatGPT-4, and Gemini on MotionSense, HHAR, and WISDM Datasets.
  • ...and 6 more figures