Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Privacy on the Fly: A Predictive Adversarial Transformation Network for Mobile Sensor Data

Tianle Song, Chenhao Lin, Yang Cao, Zhengyu Zhao, Jiahao Sun, Chong Zhang, Le Yang, Chao Shen

TL;DR

The paper tackles privacy leakage from mobile motion sensors by introducing PATN, a real-time, history-driven adversarial perturbation framework. PATN forecasts future perturbations from historical sensor data, applies them with zero latency on-device, and optimizes for adversarial effectiveness, temporal robustness, and smoothness. It achieves substantially higher privacy protection (ASR ~40–45% and EER ~41–46%) than baseline methods while preserving semantic utility for benign tasks, and demonstrates robustness across multiple privacy models, input lengths, and black-box architectures. The work offers a practical, deployable approach to privacy in streaming sensor data with potential broader impact for protecting sensitive attributes in mobile contexts.

Abstract

Mobile motion sensors such as accelerometers and gyroscopes are now ubiquitously accessible by third-party apps via standard APIs. While enabling rich functionalities like activity recognition and step counting, this openness has also enabled unregulated inference of sensitive user traits, such as gender, age, and even identity, without user consent. Existing privacy-preserving techniques, such as GAN-based obfuscation or differential privacy, typically require access to the full input sequence, introducing latency that is incompatible with real-time scenarios. Worse, they tend to distort temporal and semantic patterns, degrading the utility of the data for benign tasks like activity recognition. To address these limitations, we propose the Predictive Adversarial Transformation Network (PATN), a real-time privacy-preserving framework that leverages historical signals to generate adversarial perturbations proactively. The perturbations are applied immediately upon data acquisition, enabling continuous protection without disrupting application functionality. Experiments on two datasets demonstrate that PATN substantially degrades the performance of privacy inference models, achieving Attack Success Rate (ASR) of 40.11% and 44.65% (reducing inference accuracy to near-random) and increasing the Equal Error Rate (EER) from 8.30% and 7.56% to 41.65% and 46.22%. On ASR, PATN outperforms baseline methods by 16.16% and 31.96%, respectively.

Privacy on the Fly: A Predictive Adversarial Transformation Network for Mobile Sensor Data

TL;DR

The paper tackles privacy leakage from mobile motion sensors by introducing PATN, a real-time, history-driven adversarial perturbation framework. PATN forecasts future perturbations from historical sensor data, applies them with zero latency on-device, and optimizes for adversarial effectiveness, temporal robustness, and smoothness. It achieves substantially higher privacy protection (ASR ~40–45% and EER ~41–46%) than baseline methods while preserving semantic utility for benign tasks, and demonstrates robustness across multiple privacy models, input lengths, and black-box architectures. The work offers a practical, deployable approach to privacy in streaming sensor data with potential broader impact for protecting sensitive attributes in mobile contexts.

Abstract

Mobile motion sensors such as accelerometers and gyroscopes are now ubiquitously accessible by third-party apps via standard APIs. While enabling rich functionalities like activity recognition and step counting, this openness has also enabled unregulated inference of sensitive user traits, such as gender, age, and even identity, without user consent. Existing privacy-preserving techniques, such as GAN-based obfuscation or differential privacy, typically require access to the full input sequence, introducing latency that is incompatible with real-time scenarios. Worse, they tend to distort temporal and semantic patterns, degrading the utility of the data for benign tasks like activity recognition. To address these limitations, we propose the Predictive Adversarial Transformation Network (PATN), a real-time privacy-preserving framework that leverages historical signals to generate adversarial perturbations proactively. The perturbations are applied immediately upon data acquisition, enabling continuous protection without disrupting application functionality. Experiments on two datasets demonstrate that PATN substantially degrades the performance of privacy inference models, achieving Attack Success Rate (ASR) of 40.11% and 44.65% (reducing inference accuracy to near-random) and increasing the Equal Error Rate (EER) from 8.30% and 7.56% to 41.65% and 46.22%. On ASR, PATN outperforms baseline methods by 16.16% and 31.96%, respectively.

Paper Structure

This paper contains 28 sections, 10 equations, 5 figures, 8 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Works
  3. Problem Setting
  4. Methodology
  5. Overview
  6. Predictive Adversarial Transformation Network
  7. Perturbation Range Setting.
  8. History-Driven Generative Model for Perturbation.
  9. History-Aware Top-k Optimization.
  10. Objective Function.
  11. Experiments
  12. Implementation Details
  13. Datasets.
  14. Evaluation Metric.
  15. Privacy Inference Models and Baseline Methods.
  16. ...and 13 more sections

Figures (5)

  • Figure 1: Our method vs. existing methods, addressing two issues: (1) temporal semantic distortion and (2) delayed obfuscation due to segment-wise processing.
  • Figure 2: Illustrating the two problems: generating real-time perturbations for continuously arriving sensor data, and addressing temporal misalignment where attacks may occur at arbitrary, unpredictable time points.
  • Figure 3: Overview of the PATN framework. The system includes PATN training, where the network learns to generate privacy-preserving perturbations, and on-device deployment, where the trained model runs securely in real time.
  • Figure 4: The AUC curve of adversarial data generated by PATN compared to the raw data when applied to the privacy inference model.
  • Figure 5: Comparison of Raw and Adversarial sensor data (accelerometer) on IMU Axes.