A Privacy-preserving Indoor Localization Approach To Resist Adversarial Attacks In Edge Computing Environments

With the gradual development of urban intelligence,the importance and value of indoor positioning technology has been increasingly apparent,and it has become an indispensable part of public life.However,the deep learning（DL）model of indoor positioning is extremely vulnerable to adversarial sample attacks in the real-time positioning stage,and the service quality of indoor positioning systems faces important challenges.And as the dynamic environment of indoor positioning is constantly changing,the existing indoor positioning DL models cannot guarantee real-time and accuracy,which has increasingly serious security problems while bringing great benefits to individuals and enterprises.How to provide high-quality,robust and real-time indoor positioning services to users while resisting adversarial sample attacks has become an indispensable research hotspot.The security problems of the DL model being attacked by adversarial samples in the indoor real-time positioning stage and the privacy and security problems existing in the real-time model update stage in the edge computing environment are studied.The main works are as follows:（1）To address the security problem that DL models are vulnerable to adversarial sample attacks in indoor real-time localization,an indoor localization method is proposed to resist adversarial sample attacks.The method uses a hidden security defense mechanism and differential privacy（DP）techniques to add a noise layer satisfyingε-DP to the network structure of Convolutional Neural Networks（CNN）,randomize the computational results of model generalization,and provide users with robust and certified indoor localization services that satisfyε-DP.The experimental results show that the proposed method achieves stronger robustness than existing deep learning-based fingerprint indoor localization methods with little impact on the model localization performance.When the attack bound L=0.03 is constrained,the training accuracy of the model only decreases by 0.25%,but the authentication accuracy of the indoor location service increases by 3.5%.Under the C&W attack that satisfied the7)₂paradigm specification,as the size of the attack L_attack continues to increase,the positioning accuracy of the model also decreases more smoothly than the existing indoor positioning deep learning model.In summary,this method can resist adversarial sample attacks and ensure the effectiveness of the model.（2）Aiming at the privacy and security problems of real-time model updating in complex indoor dynamic environments,an indoor real-time positioning privacy protection method based on incremental learning（IL）under edge computing is proposed.The method uses the regularized IL technique and the DP serial combination theorem to protect the model parameters at the T_n-1 moment from being overwritten by the model parameters at the nT moment by imposing constraints on the new model loss function,so that the model utility can reach an optimal balance between the old and new moment data distributions,and to protect the privacy of indoor real-time localization by assigning a multi-level privacy budgetem,e_n to the user data and the model parameters during the model update.The experimental results show that,in terms of model performance,the proposed method achieves better privacy-preserving strength compared to the IL-based indoor real-time positioning method（No-eps）and Lw F without privacy protection,with almost no impact on model positioning performance.In terms of incremental model update,the test accuracy of the proposed method is always higher than that of Lw F with the increasing number of categories.When increased to 8 classes,the test accuracy of the proposed method is 3.8%higher than that of Lw F,because adding a small amount of RSS fingerprint image data in at the T_n-1 moment can improve the generalization ability of the updated model to temporal data.In addition,the proposed method has no significant additional overhead in terms of testing time as well as training time of model updating.In summary,the proposed method can achieve a balance between model performance,privacy protection strength,and time overhead to provide users with more secure,reliable,and high-quality indoor positioning services.