Author:
Yu Jianfeng,Qiu Kai,Wang Pengju,Su Caixia,Fan Yufeng,Cao Yongfeng
Abstract
AbstractDeep learning models have been widely used in electroencephalogram (EEG) analysis and obtained excellent performance. But the adversarial attack and defense for them should be thoroughly studied before putting them into safety-sensitive use. This work exposes an important safety issue in deep-learning-based brain disease diagnostic systems by examining the vulnerability of deep learning models for diagnosing epilepsy with brain electrical activity mappings (BEAMs) to white-box attacks. It proposes two methods, Gradient Perturbations of BEAMs (GPBEAM), and Gradient Perturbations of BEAMs with Differential Evolution (GPBEAM-DE), which generate EEG adversarial samples, for the first time by perturbing BEAMs densely and sparsely respectively, and find that these BEAMs-based adversarial samples can easily mislead deep learning models. The experiments use the EEG data from CHB-MIT dataset and two types of victim models each of which has four different deep neural network (DNN) architectures. It is shown that: (1) these BEAM-based adversarial samples produced by the proposed methods in this paper are aggressive to BEAM-related victim models which use BEAMs as the input to internal DNN architectures, but unaggressive to EEG-related victim models which have raw EEG as the input to internal DNN architectures, with the top success rate of attacking BEAM-related models up to 0.8 while the top success rate of attacking EEG-related models only 0.01; (2) GPBEAM-DE outperforms GPBEAM when they are attacking the same victim model under a same distortion constraint, with the top attack success rate 0.8 for the former and 0.59 for the latter; (3) a simple modification to the GPBEAM/GPBEAM-DE will make it have aggressiveness to both BEAMs-related and EEG-related models (with top attack success rate 0.8 and 0.64), and this capacity enhancement is done without any cost of distortion increment. The goal of this study is not to attack any of EEG medical diagnostic systems, but to raise concerns about the safety of deep learning models and hope to lead to a safer design.
Funder
Guizhou Provincial Science and Technology Foundation
Publisher
Springer Science and Business Media LLC
Subject
Health Informatics,Health Policy,Computer Science Applications
Reference44 articles.
1. Ullah Z, Usman M, Latif S, et al. Densely attention mechanism based network for COVID-19 detection in chest X-rays. Sci Rep. 2023;13:261. https://doi.org/10.1038/s41598-022-27266-9.
2. Ullah Z, Usman M, Gwak J. MTSS-AAE: Multi-task semi-supervised adversarial autoencoding for COVID-19 detection based on chest X-ray images. Expert Syst Appl. 2023;216:119475.
3. Ullah Z, Usman M, Jeon M, et al. Cascade multiscale residual attention cnns with adaptive roi for automatic brain tumor segmentation. Inf Sci. 2022;608:1541–56.
4. Hossain MS, Amin SU, Alsulaiman M, et al. Applying deep learning for epilepsy seizure detection and brain mapping visualization. ACM Trans Multimedia Comput Commun Appl (TOMM). 2019;15(1):1–17.
5. Ding Y, Hu X, Xia Z, et al. Inter-brain EEG feature extraction and analysis for continuous implicit emotion tagging during video watching. IEEE Trans Affect Comput. 2018;12(1):92–102.
Cited by
3 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献