Detecting and Mitigating Adversarial Attack

Loading...
Thumbnail Image

Authors

Hossain, Khondker Fariha

Issue Date

2022

Type

Thesis

Language

Keywords

Adversarial Attack , CAPTCHA , Deep Learning , Defense , Electrocardiogram , Game theory

Research Projects

Organizational Units

Journal Issue

Alternative Title

Abstract

Automating arrhythmia detection from ECG requires a robust and trusted system that retains high accuracy under electrical disturbances. Deep neural networks have become a popular technique for tracing ECG signals, outperforming human experts. Many approaches have reached human-level performance in classifying arrhythmia from ECGs. Even convolutional neural networks are susceptible to adversarial examples as well that can also misclassify ECG signals. Moreover, they do not generalize well on the out-of-distribution dataset. Adversarial attacks are small crafted perturbations injected in the original data which manifest the out-of-distribution shifts in signal to misclassify the correct class. However, these architectures are vulnerable to adversarial attacks as well. The GAN architecture has been employed in recent works to synthesize adversarial ECG signals to increase existing training data. However, they use a disjointed CNN-based classification architecture to detect arrhythmia. Till now, no versatile architecture has been proposed that can detect adversarial examples and classify arrhythmia simultaneously. In this work, we propose two novel conditional generative adversarial networks (GAN), ECG-Adv-GAN and ECG-ATK-GAN, to simultaneously generate ECG signals for different categories and detect cardiac abnormalities. The model is conditioned on class-specific ECG signals to synthesize realistic adversarial examples. Moreover, the ECG-ATK-GAN is robust against adversarial attacked ECG signals and retains high accuracy when exposed to various types of adversarial attacks while classifying arrhythmia. We benchmark our architecture on six different white and black-box attacks and compare them with other recently proposed arrhythmia classification models. When considering the defense strategy, the variation of the adversarial attacks, both targeted and non-targeted, can determine the perturbation by calculating the gradient. Novel defenses are being introduced to improve upon existing techniques to fend off each new attack. This back-and-forth game between attack and defense is persistently recurring, and it became significant to understand the pattern and behavior of the attacker to create a robust defense. One widespread tactic is applying a mathematically based model like Game theory. To analyze this circumstance, we propose a computational framework of game theory to analyze the CNN Classifier's vulnerability, strategy, and outcomes by forming a simultaneous two-player game. We represent the interaction in the Stackelberg Game in Kuhn tree to study players' possible behaviors and actions by applying our Classifier's actual predicted values in CAPTCHA dataset. Thus, we interpret potential attacks in deep learning applications while representing viable defense strategies from the Game theoretical perspective.

Description

Citation

Publisher

License

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 United States

Journal

Volume

Issue

PubMed ID

DOI

ISSN

EISSN