Universal Adversarial Perturbations for CNN Classifiers in EEG-Based BCIs
This work exposes a critical security concern for EEG-based BCIs, as UAPs can be easily constructed to attack systems in real-time, though it is incremental as it applies known adversarial attack methods to a new domain.
The paper tackled the vulnerability of CNN classifiers in EEG-based BCIs to universal adversarial perturbations (UAPs) by proposing a novel total loss minimization (TLM) approach, which effectively generated UAPs that degraded performance on three popular CNN models in both target and non-target attacks.
Multiple convolutional neural network (CNN) classifiers have been proposed for electroencephalogram (EEG) based brain-computer interfaces (BCIs). However, CNN models have been found vulnerable to universal adversarial perturbations (UAPs), which are small and example-independent, yet powerful enough to degrade the performance of a CNN model, when added to a benign example. This paper proposes a novel total loss minimization (TLM) approach to generate UAPs for EEG-based BCIs. Experimental results demonstrated the effectiveness of TLM on three popular CNN classifiers for both target and non-target attacks. We also verified the transferability of UAPs in EEG-based BCI systems. To our knowledge, this is the first study on UAPs of CNN classifiers in EEG-based BCIs. UAPs are easy to construct, and can attack BCIs in real-time, exposing a potentially critical security concern of BCIs.