Detecting and Mitigating Adversarial Attack
Loading...
Authors
Hossain, Khondker Fariha
Issue Date
2022
Type
Thesis
Language
Keywords
Adversarial Attack , CAPTCHA , Deep Learning , Defense , Electrocardiogram , Game theory
Alternative Title
Abstract
Automating arrhythmia detection from ECG requires a robust and trusted system that retains high accuracy under electrical disturbances. Deep neural networks have become a popular technique for tracing ECG signals, outperforming human experts. Many approaches have reached human-level performance in classifying arrhythmia from ECGs. Even convolutional neural networks are susceptible to adversarial examples as well that can also misclassify ECG signals. Moreover, they do not generalize well on the out-of-distribution dataset. Adversarial attacks are small crafted perturbations injected in the original data which manifest the out-of-distribution shifts in signal to misclassify the correct class. However, these architectures are vulnerable to adversarial attacks as well. The GAN architecture has been employed in recent works to synthesize adversarial ECG signals to increase existing training data. However, they use a disjointed CNN-based classification architecture to detect arrhythmia. Till now, no versatile architecture has been proposed that can detect adversarial examples and classify arrhythmia simultaneously. In this work, we propose two novel conditional generative adversarial networks (GAN), ECG-Adv-GAN and ECG-ATK-GAN, to simultaneously generate ECG signals for different categories and detect cardiac abnormalities. The model is conditioned on class-specific ECG signals to synthesize realistic adversarial examples. Moreover, the ECG-ATK-GAN is robust against adversarial attacked ECG signals and retains high accuracy when exposed to various types of adversarial attacks while classifying arrhythmia. We benchmark our architecture on six different white and black-box attacks and compare them with other recently proposed arrhythmia classification models. When considering the defense strategy, the variation of the adversarial attacks, both targeted and non-targeted, can determine the perturbation by calculating the gradient. Novel defenses are being introduced to improve upon existing techniques to fend off each new attack. This back-and-forth game between attack and defense is persistently recurring, and it became significant to understand the pattern and behavior of the attacker to create a robust defense. One widespread tactic is applying a mathematically based model like Game theory. To analyze this circumstance, we propose a computational framework of game theory to analyze the CNN Classifier's vulnerability, strategy, and outcomes by forming a simultaneous two-player game. We represent the interaction in the Stackelberg Game in Kuhn tree to study players' possible behaviors and actions by applying our Classifier's actual predicted values in CAPTCHA dataset. Thus, we interpret potential attacks in deep learning applications while representing viable defense strategies from the Game theoretical perspective.
Description
Citation
Publisher
License
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 United States