CLIP-guided Diffusion Model for Backdoor Generation in Sensor-based Human Activity Recognition
2026-06-22 • Machine Learning
Machine LearningArtificial IntelligenceCryptography and Security
AI summaryⓘ
The authors focus on sensors used to recognize human activities through data from devices like accelerometers. They highlight that creating accurate models is tough when there's not enough data. To address this, they use a special method called a diffusion model to create fake data for training, but they also show how this method can be used maliciously. Their new technique, named IMU-DM-CLIP, can secretly manipulate these activity recognition models with very little altered data. Their tests show this attack works even when modifying just 10% of the data.
Human Activity RecognitionInertial Measurement UnitAccelerometerGyroscopeDiffusion ModelSynthetic DataBackdoor AttackTrigger-based AttackInternet of ThingsWearable Devices
Authors
Toby Briston, Illya Kosyk, Kuniyih S
Abstract
Sensors are critical components of modern intelligent devices. The proliferation of the Internet of Things (IoT) and wearable mobile devices has enabled the integration of such sensors to monitor the environment and enable users to take predictive actions. Human activity recognition (HAR) is a popular application in which Inertial Measurement Unit (IMU)-based sensors, such as accelerometers and gyroscopes, are used to provide insights into health, training, and medical diagnosis. However, the accuracy of such a model is hindered by the lack of data. The diffusion model-based technique has proven successful in generating synthetic data for training HAR models. In this paper, we propose a backdoor training technique, IMU-DM-CLIP, that leverages a diffusion model to enable trigger-based attacks on HAR models. Our empirical analysis shows that the attack is successful even with a very small backdoor injection rate of 10\% and 10\% of the data guided for the diffusion model.