ECGadv: Generating Adversarial Electrocardiogram to Misguide Arrhythmia Classification System
This work addresses a security problem for medical AI systems, specifically in arrhythmia classification, but it is incremental as it adapts existing adversarial attack concepts to a new domain.
The paper tackled the vulnerability of deep neural network-based ECG diagnosis systems to adversarial attacks by designing attack schemes tailored to ECG properties, demonstrating that these systems have blind spots that require countermeasures.
Deep neural networks (DNNs)-powered Electrocardiogram (ECG) diagnosis systems recently achieve promising progress to take over tedious examinations by cardiologists. However, their vulnerability to adversarial attacks still lack comprehensive investigation. The existing attacks in image domain could not be directly applicable due to the distinct properties of ECGs in visualization and dynamic properties. Thus, this paper takes a step to thoroughly explore adversarial attacks on the DNN-powered ECG diagnosis system. We analyze the properties of ECGs to design effective attacks schemes under two attacks models respectively. Our results demonstrate the blind spots of DNN-powered diagnosis systems under adversarial attacks, which calls attention to adequate countermeasures.