Universal Adversarial Perturbations for CNN Classifiers in EEG-Based BCIs

TL;DR

This paper introduces a novel method to generate universal adversarial perturbations for CNN classifiers in EEG-based BCIs, revealing security vulnerabilities and demonstrating their transferability and effectiveness in real-time attacks.

Contribution

It presents the first study on UAPs in EEG-based BCIs and proposes a total loss minimization approach to generate effective, transferable adversarial perturbations.

Findings

UAPs can significantly degrade CNN performance in EEG BCIs

The proposed TLM method effectively generates UAPs for multiple classifiers

UAPs are transferable across different EEG-based BCI systems

Abstract

Multiple convolutional neural network (CNN) classifiers have been proposed for electroencephalogram (EEG) based brain-computer interfaces (BCIs). However, CNN models have been found vulnerable to universal adversarial perturbations (UAPs), which are small and example-independent, yet powerful enough to degrade the performance of a CNN model, when added to a benign example. This paper proposes a novel total loss minimization (TLM) approach to generate UAPs for EEG-based BCIs. Experimental results demonstrated the effectiveness of TLM on three popular CNN classifiers for both target and non-target attacks. We also verified the transferability of UAPs in EEG-based BCI systems. To our knowledge, this is the first study on UAPs of CNN classifiers in EEG-based BCIs. UAPs are easy to construct, and can attack BCIs in real-time, exposing a potentially critical security concern of BCIs.