ECGadv: Generating Adversarial Electrocardiogram to Misguide Arrhythmia Classification System

  • Huangxun Chen The Hong Kong University of Science and Technology
  • Chenyu Huang The Hong Kong University of Science and Technology
  • Qianyi Huang Southern University of Science and Technology, Peng Cheng Laboratory, The Hong Kong University of Science and Technology
  • Qian Zhang The Hong Kong University of Science and Technology
  • Wei Wang Huazhong University of Science and Technology

Abstract

Deep neural networks (DNNs)-powered Electrocardiogram (ECG) diagnosis systems recently achieve promising progress to take over tedious examinations by cardiologists. However, their vulnerability to adversarial attacks still lack comprehensive investigation. The existing attacks in image domain could not be directly applicable due to the distinct properties of ECGs in visualization and dynamic properties. Thus, this paper takes a step to thoroughly explore adversarial attacks on the DNN-powered ECG diagnosis system. We analyze the properties of ECGs to design effective attacks schemes under two attacks models respectively. Our results demonstrate the blind spots of DNN-powered diagnosis systems under adversarial attacks, which calls attention to adequate countermeasures.

Published
2020-04-03
Section
AAAI Technical Track: Machine Learning