White-Box Target Attack for EEG-Based BCI Regression Problems
This work addresses security concerns in EEG-based BCI systems, which is a domain-specific problem, and is novel as the first study on adversarial attacks for such regression problems.
The paper tackles the vulnerability of EEG-based brain-computer interface regression models to adversarial attacks by proposing two white-box target attack approaches that effectively change regression outputs by predetermined amounts, with experiments verifying their effectiveness and transferability to black-box attacks.
Machine learning has achieved great success in many applications, including electroencephalogram (EEG) based brain-computer interfaces (BCIs). Unfortunately, many machine learning models are vulnerable to adversarial examples, which are crafted by adding deliberately designed perturbations to the original inputs. Many adversarial attack approaches for classification problems have been proposed, but few have considered target adversarial attacks for regression problems. This paper proposes two such approaches. More specifically, we consider white-box target attacks for regression problems, where we know all information about the regression model to be attacked, and want to design small perturbations to change the regression output by a pre-determined amount. Experiments on two BCI regression problems verified that both approaches are effective. Moreover, adversarial examples generated from both approaches are also transferable, which means that we can use adversarial examples generated from one known regression model to attack an unknown regression model, i.e., to perform black-box attacks. To our knowledge, this is the first study on adversarial attacks for EEG-based BCI regression problems, which calls for more attention on the security of BCI systems.