Abstract
Although deep neural networks have shown remarkable success in solving complex problems even beyond the human capabilities, the recent studies show that these are vulnerable to adversarial attacks in the form of small perturbations (noise) introduced to the inputs that lead a model to predict incorrect output. Even though, the adversarial data and input data resemble same, but they are exceptionally different to fool the model prediction. Adversarial attacks are representing risk in accomplishing deep learning model prediction. In this report, we consider adversarial attack on deep learning based indoor localization problem. Among various indoor localization techniques, Wi-Fi fingerprinting using signal strength (RSS) values is probably one of the most widely used. However, the localization accuracy can be affected by fluctuations in Wi-Fi RSS values. Thus, this report presents three different adversarial attacks including Fast Gradient Sign Method, Targeted Fast Gradient Sign method, and Carlini-Wagner attack on a convolutional neural network (CNN) model, which is trained on the UJIIndoorLoc dataset for building and floor level classification in indoor localization problem. The experimental results show how these three adversarial attacks perform on testing phase and show how successfully fool the trained CNN model, thus leading to low indoor localization accuracy.