pith. sign in

arxiv: 2604.21774 · v1 · submitted 2026-04-23 · 💻 cs.CR

Adversarial Robustness of Near-Field Millimeter-Wave Imaging under Waveform-Domain Attacks

Lhamo Dorje , Jordan Madden , Soamar Homsi , Xiaohua Li This is my paper

Pith reviewed 2026-05-09 21:29 UTC · model grok-4.3

classification 💻 cs.CR
keywords adversarial robustnessmmWave imagingwaveform-domain attacksnear-field imagingphysical attacksdeep learning robustnessimaging algorithmssecurity screening
0
0 comments X

The pith

Waveform-domain attacks can conceal or alter targets in near-field mmWave images using moderate power, though deep-learning reconstruction proves more resistant than classical methods.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

This paper examines the security of near-field millimeter-wave imaging systems used in safety-critical settings such as airport screening. The authors introduce a white-box adversarial model and a differential imaging attack framework that optimizes attack waveforms by exploiting the differentiable reconstruction pipeline. They collect a real measured dataset of clean and attacked waveforms from a physical testbed. Experiments across ten representative algorithms demonstrate that these attacks succeed in hiding or modifying targets at moderate transmission power. Deep-learning-based algorithms show noticeably higher robustness than classical ones, exposing risks that would require new defenses if the findings hold.

Core claim

Near-field mmWave imaging algorithms are highly vulnerable to waveform-domain physical attacks. Using a white-box model and a differential imaging attack framework built on the differentiable imaging pipeline, together with a dataset of real measured waveforms, the authors show that adversaries can optimize attack signals to conceal or alter targets in the reconstructed image with moderate power. Deep-learning-based imaging algorithms exhibit greater resistance to these attacks than classical algorithms.

What carries the argument

The differential imaging attack framework, which optimizes attack waveforms by back-propagating through the differentiable imaging pipeline to maximize impact on the final reconstruction.

If this is right

  • Adversaries could conceal prohibited items during mmWave screening with moderate transmission power.
  • Targets in the reconstructed image could be altered to produce false positives or negatives.
  • Deep-learning reconstruction methods offer a measurable advantage in resisting these specific attacks.
  • Current mmWave systems in security applications face exploitable physical-layer weaknesses.
  • Secure imaging pipelines must incorporate waveform-domain defenses to remain reliable.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the white-box assumption holds only in limited settings, black-box transfer attacks could still pose a practical threat once attack waveforms are precomputed.
  • The observed robustness gap between deep-learning and classical methods suggests that end-to-end learned pipelines may implicitly regularize against certain waveform perturbations.
  • Extending the framework to other near-field sensing modalities, such as terahertz imaging, would test whether the vulnerability is specific to mmWave hardware or general to differentiable reconstruction.
  • Deployment of robust mmWave scanners would benefit from hybrid classical-plus-deep-learning pipelines that retain interpretability while gaining attack resistance.

Load-bearing premise

The white-box adversarial model is practical in real deployments and the differential imaging attack framework accurately captures the effects of physical waveform manipulation on the reconstruction process.

What would settle it

A physical testbed experiment in which attack waveforms generated by the framework produce no measurable change in the reconstructed images of the ten algorithms, or in which classical algorithms match the robustness of deep-learning ones under identical power levels.

Figures

Figures reproduced from arXiv: 2604.21774 by Jordan Madden, Lhamo Dorje, Soamar Homsi, Xiaohua Li.

Figure 1
Figure 1. Figure 1: System model of the near-field mmWave imaging scenario under [PITH_FULL_IMAGE:figures/full_fig_p002_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Experimental testbed for data acquisition. A TI IWR1843Boost [PITH_FULL_IMAGE:figures/full_fig_p005_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Example of measured waveforms and their spectra. Top: time-domain [PITH_FULL_IMAGE:figures/full_fig_p005_3.png] view at source ↗
Figure 6
Figure 6. Figure 6: With moderately increased attack power ( [PITH_FULL_IMAGE:figures/full_fig_p006_6.png] view at source ↗
Figure 4
Figure 4. Figure 4: Representative results of the Target Conceal Attack. The clean reconstruction [PITH_FULL_IMAGE:figures/full_fig_p008_4.png] view at source ↗
Figure 5
Figure 5. Figure 5: Representative results of the Target Swap Attack. Each row corresponds to a different imaging algorithm, showing the clean reconstruction (left), the [PITH_FULL_IMAGE:figures/full_fig_p010_5.png] view at source ↗
Figure 6
Figure 6. Figure 6: Representative results of the Randomization Attack. Using randomly [PITH_FULL_IMAGE:figures/full_fig_p011_6.png] view at source ↗
read the original abstract

Near-field millimeter-wave (mmWave) imaging is widely deployed in safety-critical applications such as airport passenger screening, yet its own security remains largely unexplored. This paper presents a systematic study of the adversarial robustness of mmWave imaging algorithms under waveform-domain physical attacks that directly manipulate the image reconstruction process. We propose a practical white-box adversarial model and develop a differential imaging attack framework that leverages the differentiable imaging pipeline to optimize attack waveforms. We also construct a real measured dataset of clean and attack waveforms using a mmWave imaging testbed. Experiments on 10 representative imaging algorithms show that mmWave imaging is highly vulnerable to such attacks, enabling an adversary to conceal or alter targets with moderate transmission power. Surprisingly, deep-learning-based imaging algorithms demonstrate higher robustness than classical algorithms. These findings expose critical security risks and motivate the development of robust and secure mmWave imaging systems.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript presents a study on the adversarial robustness of near-field millimeter-wave imaging under waveform-domain physical attacks. It introduces a white-box adversarial model and a differential imaging attack framework that optimizes attack waveforms by exploiting the differentiable imaging pipeline. A real measured dataset of clean and attack waveforms is constructed using a mmWave imaging testbed. Experiments across 10 representative imaging algorithms conclude that mmWave imaging is highly vulnerable, allowing adversaries to conceal or alter targets with moderate transmission power, while deep-learning-based algorithms exhibit higher robustness than classical methods.

Significance. If the empirical results hold under realistic conditions, the work identifies important security risks for safety-critical mmWave imaging deployments such as airport screening. The construction and use of a real measured dataset, together with evaluation on 10 algorithms, provides concrete evidence beyond purely simulated attacks. The comparative finding that deep-learning-based methods are more robust than classical ones is a useful insight that could guide development of secure imaging systems.

major comments (2)
  1. [Attack Framework] The differential imaging attack framework relies on a fully differentiable reconstruction operator to optimize waveforms in the white-box setting. The manuscript does not specify how differentiability is obtained or approximated for the classical (non-DL) algorithms among the 10 evaluated, nor does it quantify approximation error; this directly affects the validity of the optimized attack waveforms and the reported success rates for target concealment/alteration.
  2. [Experimental Evaluation] The central claim that attacks succeed 'with moderate transmission power' in real deployments rests on the white-box model and testbed measurements. The experimental section reports results on a constructed real dataset but provides no end-to-end closed-loop physical attack validation, hardware distortion measurements, or controls for phase noise and calibration mismatches; without these, the transfer from optimized waveforms to practical vulnerability cannot be assessed.
minor comments (2)
  1. The abstract states that 'deep-learning-based imaging algorithms demonstrate higher robustness' but does not quantify the robustness gap (e.g., success-rate differences or power thresholds) or list the exact 10 algorithms with citations.
  2. Statistical details such as number of trials, confidence intervals, or significance tests for the vulnerability claims are not visible in the provided description of the experiments.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the thorough review and constructive feedback on our manuscript. We address the major comments point by point below, indicating the revisions we intend to make.

read point-by-point responses

  1. Referee: [Attack Framework] The differential imaging attack framework relies on a fully differentiable reconstruction operator to optimize waveforms in the white-box setting. The manuscript does not specify how differentiability is obtained or approximated for the classical (non-DL) algorithms among the 10 evaluated, nor does it quantify approximation error; this directly affects the validity of the optimized attack waveforms and the reported success rates for target concealment/alteration.

    Authors: We agree that additional details are needed. The manuscript will be revised to explicitly describe the approach for obtaining differentiability in classical algorithms, such as through adjoint-based gradient computation or finite-difference approximations, and to report the associated approximation errors observed in our experiments. This will strengthen the validity of the attack optimization results. revision: yes

  2. Referee: [Experimental Evaluation] The central claim that attacks succeed 'with moderate transmission power' in real deployments rests on the white-box model and testbed measurements. The experimental section reports results on a constructed real dataset but provides no end-to-end closed-loop physical attack validation, hardware distortion measurements, or controls for phase noise and calibration mismatches; without these, the transfer from optimized waveforms to practical vulnerability cannot be assessed.

    Authors: Our experiments utilize a real mmWave imaging testbed to measure the effects of the attack waveforms, providing empirical support beyond simulation. We acknowledge the value of more comprehensive validation including closed-loop tests and specific hardware characterizations. In the revised manuscript, we will expand the description of the testbed setup, include available measurements on phase noise and calibration, and discuss these aspects as potential limitations for real-world transfer. The moderate power claims are grounded in the transmitted power levels used in the physical measurements that produced the reported attack outcomes. revision: partial

Circularity Check

0 steps flagged

No circularity: empirical evaluation with measured data and no derivations

full rationale

The paper is an empirical security study. It proposes a white-box adversarial model and differential imaging attack framework, constructs a real measured dataset from a mmWave testbed, and evaluates 10 imaging algorithms via direct experiments. No mathematical derivations, parameter fits presented as predictions, self-definitional constructs, or load-bearing self-citations appear in the abstract or described content. Results rest on measured waveforms and reconstruction outputs rather than any chain that reduces to its own inputs by construction. This is the expected non-circular outcome for an experimental paper.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

No mathematical derivations or physical models are presented; the work is an empirical security study relying on experimental measurements.

pith-pipeline@v0.9.0 · 5454 in / 1018 out tokens · 32355 ms · 2026-05-09T21:29:43.422651+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

41 extracted references · 41 canonical work pages

  1. [1]

    Review of active millimeter wave imaging techniques for personnel security screening,

    Z. Wang, T. Chang, and H.-L. Cui, “Review of active millimeter wave imaging techniques for personnel security screening,”IEEE Access, vol. 7, pp. 148 336–148 350, 2019

    work page 2019

  2. [2]

    Millimeter wave sensing: A review of application pipelines and building blocks,

    B. van Berlo, A. Elkelany, T. Ozcelebi, and N. Meratnia, “Millimeter wave sensing: A review of application pipelines and building blocks,” IEEE Sensors Journal, vol. 21, no. 9, pp. 10 332–10 368, 2021

    work page 2021

  3. [3]

    Rf sensing security and malicious exploitation: A comprehensive survey,

    M. Han, H. Yang, W. Li, W. Xu, X. Cheng, P. Mohapatra, and P. Hu, “Rf sensing security and malicious exploitation: A comprehensive survey,” arXiv preprint arXiv:2504.10969, 2025

    work page arXiv 2025

  4. [4]

    A comprehen- sive study on the robustness of deep learning-based image classification and object detection in remote sensing: Surveying and benchmarking,

    S. Mei, J. Lian, X. Wang, Y . Su, M. Ma, and L.-P. Chau, “A comprehen- sive study on the robustness of deep learning-based image classification and object detection in remote sensing: Surveying and benchmarking,” Journal of Remote Sensing, vol. 4, p. 0219, 2024

    work page 2024

  5. [5]

    Analyzing the adversarial robustness and interpretability of deep sar classification models: A comprehensive examination of their reliability,

    T. Chen, L. Zhang, W. Guo, Z. Zhang, and M. Datcu, “Analyzing the adversarial robustness and interpretability of deep sar classification models: A comprehensive examination of their reliability,”Remote Sensing, vol. 17, no. 11, p. 1943, 2025

    work page 1943

  6. [6]

    Evasive camouflage attack of rf sensing and imaging systems,

    L. Dorje, X. Li, and S. Homsi, “Evasive camouflage attack of rf sensing and imaging systems,” inICC 2024-IEEE International Conference on Communications. IEEE, 2024, pp. 147–152

    work page 2024

  7. [7]

    A survey of mmwave radar- based sensing in autonomous vehicles, smart homes and industry,

    H. Kong, C. Huang, J. Yu, and X. Shen, “A survey of mmwave radar- based sensing in autonomous vehicles, smart homes and industry,”IEEE Communications Surveys & Tutorials, vol. 27, no. 1, pp. 463–508, 2024

    work page 2024

  8. [8]

    Millimeter wave dielectric spectroscopy and breast cancer imaging,

    L. Chao, M. N. Afsar, and K. A. Korolev, “Millimeter wave dielectric spectroscopy and breast cancer imaging,” in2012 7th European Mi- crowave Integrated Circuit Conference. IEEE, 2012, pp. 572–575

    work page 2012

  9. [9]

    Radar-based human-motion recognition with deep learning: Promising applications for indoor monitoring,

    S. Z. Gurbuz and M. G. Amin, “Radar-based human-motion recognition with deep learning: Promising applications for indoor monitoring,”IEEE Signal Processing Magazine, vol. 36, no. 4, pp. 16–28, 2019

    work page 2019

  10. [10]

    Through-the-wall sensing of personnel using passive bistatic wifi radar at standoff distances,

    K. Chetty, G. E. Smith, and K. Woodbridge, “Through-the-wall sensing of personnel using passive bistatic wifi radar at standoff distances,”IEEE Approved for Public Release on 22 Apr 2026. Distribution Is Unlimited; Case Number: AFRL-2026-2017 11 BPA RMISTViTDeep2SDeep2SP+ CV-Deep2S Clean Adversarial (10 dB) Clean CV-Deep2S Adversarial (10 dB) Fig. 6. Repr...

    work page 2026

  11. [11]

    Land cover map- ping using sentinel-1 time-series data and machine-learning classifiers in agricultural sub-saharan landscape,

    S. Dahhani, M. Raji, M. Hakdaoui, and R. Lhissou, “Land cover map- ping using sentinel-1 time-series data and machine-learning classifiers in agricultural sub-saharan landscape,”Remote Sensing, vol. 15, no. 1, p. 65, 2022

    work page 2022

  12. [12]

    A review on synthetic aperture radar-based building damage assessment in disasters,

    P. Ge, H. Gokon, and K. Meguro, “A review on synthetic aperture radar-based building damage assessment in disasters,”Remote Sensing of Environment, vol. 240, p. 111693, 2020

    work page 2020

  13. [13]

    A review of sar imagery exploitation methods in support of defence and security missions,

    J. P. Robin, M. Lafitte, and E. Coiras, “A review of sar imagery exploitation methods in support of defence and security missions,” in Proceedings of EUSAR 2016: 11th European Conference on Synthetic Aperture Radar, 2016, pp. 1–5

    work page 2016

  14. [14]

    Near-field mimo-sar millimeter-wave imaging with sparsely sampled aperture data,

    M. E. Yanik and M. Torlak, “Near-field mimo-sar millimeter-wave imaging with sparsely sampled aperture data,”Ieee Access, vol. 7, pp. 31 801–31 819, 2019

    work page 2019

  15. [15]

    Towards large-scale single-shot millimeter- wave imaging for low-cost security inspection,

    L. Bian, D. Li, S. Wang, C. Teng, J. Wu, H. Liu, H. Xu, X. Chang, G. Zhao, S. Liet al., “Towards large-scale single-shot millimeter- wave imaging for low-cost security inspection,”Nature Communications, vol. 15, no. 1, p. 6459, 2024

    work page 2024

  16. [16]

    Three-dimensional millimeter-wave imaging for concealed weapon detection,

    D. M. Sheen, D. L. McMakin, and T. E. Hall, “Three-dimensional millimeter-wave imaging for concealed weapon detection,”IEEE Trans- actions on microwave theory and techniques, vol. 49, no. 9, pp. 1581– 1592, 2001

    work page 2001

  17. [17]

    Combining commercially available active and passive sensors into a millimeter-wave imager for concealed weapon detection,

    F. Garc ´ıa-Rial, D. Montesano, I. G ´omez, C. Callejero, F. Bazus, and J. Grajal, “Combining commercially available active and passive sensors into a millimeter-wave imager for concealed weapon detection,”IEEE Transactions on Microwave Theory and Techniques, vol. 67, no. 3, pp. 1167–1183, 2018

    work page 2018

  18. [18]

    Lightweight 2d imaging for integrated imaging and communication applications,

    X. Li and Y . Chen, “Lightweight 2d imaging for integrated imaging and communication applications,”IEEE Signal Processing Letters, vol. 28, pp. 528–532, 2021

    work page 2021

  19. [19]

    Gnss spoofing and detection,

    M. L. Psiaki and T. E. Humphreys, “Gnss spoofing and detection,” Proceedings of the IEEE, vol. 104, no. 6, pp. 1258–1270, 2016

    work page 2016

  20. [20]

    Study of the gnss jamming in real environment,

    T. Morong, P. Puri ˇcer, and P. Kov´aˇr, “Study of the gnss jamming in real environment,”International Journal of Electronics and Telecommunica- tions, pp. 65–70, 2019

    work page 2019

  21. [21]

    A systematic study of physical sensor attack hardness,

    H. Kim, R. Bandyopadhyay, M. O. Ozmen, Z. B. Celik, A. Bianchi, Y . Kim, and D. Xu, “A systematic study of physical sensor attack hardness,” in2024 IEEE Symposium on Security and Privacy (SP). IEEE Computer Society, 2024, pp. 143–143

    work page 2024

  22. [22]

    Can you trust autonomous vehicles: Contactless attacks against sensors of self-driving vehicle,

    C. Yan, W. Xu, and J. Liu, “Can you trust autonomous vehicles: Contactless attacks against sensors of self-driving vehicle,”Def Con, vol. 24, no. 8, p. 109, 2016

    work page 2016

  23. [23]

    Cyber-attacks on unmanned aerial system networks: Detection, countermeasure, and future research direc- tions,

    M. R. Manesh and N. Kaabouch, “Cyber-attacks on unmanned aerial system networks: Detection, countermeasure, and future research direc- tions,”Computers & Security, vol. 85, pp. 386–401, 2019

    work page 2019

  24. [24]

    Who is in control? practical physical layer attack and defense for mmwave-based sensing in autonomous vehicles,

    Z. Sun, S. Balakrishnan, L. Su, A. Bhuyan, P. Wang, and C. Qiao, “Who is in control? practical physical layer attack and defense for mmwave-based sensing in autonomous vehicles,”IEEE Transactions on Information Forensics and Security, vol. 16, pp. 3199–3214, 2021

    work page 2021

  25. [25]

    Emulation and malicious attacks to doppler and fmcw radars for human sensing applications,

    P. Nallabolu, D. Rodriguez, and C. Li, “Emulation and malicious attacks to doppler and fmcw radars for human sensing applications,”IEEE Transactions on Microwave Theory and Techniques, vol. 71, no. 2, pp. 805–817, 2022

    work page 2022

  26. [26]

    Millimeter-wave automotive radar spoof- ing,

    M. Ordean and F. D. Garcia, “Millimeter-wave automotive radar spoof- ing,”arXiv preprint arXiv:2205.06567, 2022

    work page arXiv 2022

  27. [27]

    Madradar: A black- box physical layer attack framework on mmwave automotive fmcw radars,

    D. Hunt, K. Angell, Z. Qi, T. Chen, and M. Pajic, “Madradar: A black- box physical layer attack framework on mmwave automotive fmcw radars,”arXiv preprint arXiv:2311.16024, 2023

    work page arXiv 2023

  28. [28]

    Universal targeted adversarial attacks against mmwave-based human activity recognition,

    Y . Xie, X. Guo, Y . Wang, J. Cheng, and Y . Chen, “Universal targeted adversarial attacks against mmwave-based human activity recognition,” inNetwork Security Empowered by Artificial Intelligence. Springer, 2024, pp. 177–211

    work page 2024

  29. [29]

    mmspoof: Resilient spoofing of automotive millimeter-wave radars using reflect array,

    R. R. Vennam, I. K. Jain, K. Bansal, J. Orozco, P. Shukla, A. Ran- ganathan, and D. Bharadia, “mmspoof: Resilient spoofing of automotive millimeter-wave radars using reflect array,” in2023 IEEE Symposium on Security and Privacy (SP). IEEE, 2023, pp. 1807–1821

    work page 2023

  30. [30]

    A survey of adversarial attacks on sar target recognition: From digital domain to physical domain,

    H. Ruan, J. Cui, X. Mao, J. Ren, B. Luo, H. Cao, and H. Li, “A survey of adversarial attacks on sar target recognition: From digital domain to physical domain,”Journal of Radars, vol. 13, no. 6, pp. 1298–1326, 2024

    work page 2024

  31. [31]

    Threat of adversarial attacks on deep learning in computer vision: A survey,

    N. Akhtar and A. Mian, “Threat of adversarial attacks on deep learning in computer vision: A survey,”IEEE Access, vol. 6, pp. 14 410–14 430, 2018

    work page 2018

  32. [32]

    A rapid algorithm for millimeter-wave near-field three-dimensional image reconstruction based on finufft,

    L. Zeng, S. Zhang, Y . Huai, Q. Mao, J. Li, Z. Luo, and Y . Zou, “A rapid algorithm for millimeter-wave near-field three-dimensional image reconstruction based on finufft,”EURASIP Journal on Advances in Signal Processing, vol. 2025, no. 20, pp. 1–16, 2025

    work page 2025

  33. [33]

    Sparsity-driven synthetic aperture radar imaging: Reconstruction, autofocusing, moving targets, and compressed sensing,

    M. C ¸ etin, I. Stojanovi´c, N. ¨O. ¨Onhon, K. Varshney, S. Samadi, W. C. Karl, and A. S. Willsky, “Sparsity-driven synthetic aperture radar imaging: Reconstruction, autofocusing, moving targets, and compressed sensing,”IEEE Signal Processing Magazine, vol. 31, no. 4, pp. 27–40, 2014

    work page 2014

  34. [34]

    M. E. Yanik,Millimeter-Wave Imaging Using MIMO-SAR Techniques. The University of Texas at Dallas, 2020

    work page 2020

  35. [35]

    Sparse autofocus via bayesian learning iterative maximum and applied for lasar 3-d imaging,

    S.-J. Wei, X.-L. Zhang, and J. Shi, “Sparse autofocus via bayesian learning iterative maximum and applied for lasar 3-d imaging,” in2014 IEEE Radar Conference. IEEE, 2014, pp. 0666–0669

    work page 2014

  36. [36]

    Rmist-net: Joint range migration and sparse reconstruction network for 3-d mmw imaging,

    M. Wang, S. Wei, J. Liang, X. Zeng, C. Wang, J. Shi, and X. Zhang, “Rmist-net: Joint range migration and sparse reconstruction network for 3-d mmw imaging,”IEEE Transactions on Geoscience and Remote Sensing, vol. 60, pp. 1–17, 2021

    work page 2021

  37. [37]

    A vision trans- former approach for efficient near-field sar super-resolution under array perturbation,

    J. W. Smith, Y . Alimam, G. Vedula, and M. Torlak, “A vision trans- former approach for efficient near-field sar super-resolution under array perturbation,” in2022 IEEE texas symposium on wireless and microwave circuits and systems (WMCS). IEEE, 2022, pp. 1–6

    work page 2022

  38. [38]

    Efficient physics-based learned reconstruction methods for real-time 3d near-field mimo radar imaging,

    I. Manisali, O. Oral, and F. S. Oktem, “Efficient physics-based learned reconstruction methods for real-time 3d near-field mimo radar imaging,” Digital Signal Processing, vol. 144, p. 104274, 2024

    work page 2024

  39. [39]

    A low-cost replica-based distance-spoofing attack on mmwave fmcw radar,

    N. Miura, T. Machida, K. Matsuda, M. Nagata, S. Nashimoto, and D. Suzuki, “A low-cost replica-based distance-spoofing attack on mmwave fmcw radar,” inProceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop, 2019, pp. 95– 100

    work page 2019

  40. [40]

    Millis- arimagenet: A 2d high-resolution millimeter-wave sar image dataset,

    L. Dorje, N. Poredi, J. Madden, S. Homsi, Y . Chen, and X. Li, “Millis- arimagenet: A 2d high-resolution millimeter-wave sar image dataset,” in 2026 IEEE 23rd Consumer Communications & Networking Conference (CCNC). IEEE, 2026, pp. 1–6

    work page 2026

  41. [41]

    Application of linear-frequency-modulated continuous-wave (lfmcw) radars for tracking of vital signs,

    G. Wang, J.-M. Munoz-Ferreras, C. Gu, C. Li, and R. Gomez-Garcia, “Application of linear-frequency-modulated continuous-wave (lfmcw) radars for tracking of vital signs,”IEEE transactions on microwave theory and techniques, vol. 62, no. 6, pp. 1387–1399, 2014. Approved for Public Release on 22 Apr 2026. Distribution Is Unlimited; Case Number: AFRL-2026-2017

    work page 2014