Active Poisoning: Efficient Backdoor Attacks on Transfer Learning-Based Brain-Computer Interfaces

TL;DR

This paper investigates backdoor poisoning attacks on transfer learning models in EEG-based brain-computer interfaces, revealing significant security vulnerabilities and proposing active poisoning methods to enhance attack success.

Contribution

It introduces the first study of backdoor attacks on transfer learning in EEG BCIs and proposes effective active poisoning strategies to embed backdoors.

Findings

Active poisoning approaches significantly increase attack success rates.

Experiments on four EEG datasets validate the effectiveness of the methods.

Backdoor attacks pose a serious security threat to EEG-based BCIs.

Abstract

Transfer learning (TL) has been widely used in electroencephalogram (EEG)-based brain-computer interfaces (BCIs) for reducing calibration efforts. However, backdoor attacks could be introduced through TL. In such attacks, an attacker embeds a backdoor with a specific pattern into the machine learning model. As a result, the model will misclassify a test sample with the backdoor trigger into a prespecified class while still maintaining good performance on benign samples. Accordingly, this study explores backdoor attacks in the TL of EEG-based BCIs, where source-domain data are poisoned by a backdoor trigger and then used in TL. We propose several active poisoning approaches to select source-domain samples, which are most effective in embedding the backdoor pattern, to improve the attack success rate and efficiency. Experiments on four EEG datasets and three deep learning models demonstrate the effectiveness of the approaches. To our knowledge, this is the first study about backdoor attacks on TL models in EEG-based BCIs. It exposes a serious security risk in BCIs, which should be immediately addressed.