Data Science | Ph.D. Qualifier Presentation | Mingzhi Hu
12:00 pm
Data Science
Ph.D. Qualifier Presentation
Mingzhi Hu, Ph.D. Student
Thursday, April 13th, 2023
12:00PM – 1:30PM
Zoom Link: https://wpi.zoom.us/my/mhu33
Committee Members
Prof. Yanhua Li (Advisor), Computer Science & Data Science, WPI
Prof. Xiangnan Kong, Computer Science & Data Science, WPI
Prof. Frank Zou, Mathematical Science & Data Science, WPI
TITLE
ST-iFGSM: Enhancing Robustness of Human Mobility Signature Identification Model via Spatial-Temporal Iterative FGSM
ABSTRACT
The Human Mobility Signature Identification (HuMID) problem aims at determining whether the incoming trajectories were generated by a claimed agent from the historical movement trajectories of a set of individual human agents such as pedestrians and taxi drivers. The HuMID problem is significant, and its solutions have a wide range of real-world applications, such as criminal identification for police departments, risk assessment for auto insurance providers, driver verification in ride-sharing services, and so on. Though Deep neural networks (DNN) based HuMID models on spatial-temporal mobility fingerprint similarity demonstrate remarkable performance in effectively identifying human agents’ mobility signatures, it is vulnerable to adversarial attacks as other DNN-based models. Therefore, we propose a SpatialTemporal iterative Fast Gradient Sign Method with 𝐿0 regularization – ST-iFGSM – to detect the vulnerability and enhance the robustness of HuMID models. Extensive experiments with real-world taxi trajectory data demonstrate the efficiency and effectiveness of our ST-iFGSM algorithm. We tested our method on both the ST-SiameseNet and an LSTM-based HuMID classification model. It shows that ST-iFGSM can generate successful attacks to fool the HuMID models with only a few steps of attack in a small portion of the trajectories. The generated attacks can be used as augmented data to update and improve the HuMID model accuracy significantly from 47.36% to 76.18% on testing samples after the attack (86.25% on the original testing samples).