/Generative-Perturbation-Networks

Official PyTorch Implementaion of Generative Perturbation Network for Signal-Agnostic/Specific Adversarial Attacks on EEG-based Brain-Computer Interfaces

Primary LanguagePython

Generative-Perturbation-Networks

Title

Generative Perturbation Network for Signal-Agnostic/Specific Adversarial Attacks on EEG-based Brain-Computer Interfaces

Abstract

Brain-computer interface (BCI) enables direct communication between a brain and computers or external devices. Recently, deep neural networks (DNNs) have achieved great success in classifying EEG-based BCI systems. However, DNNs are vulnerable to adversarial attacks using adversarial examples imperceptible to humans. This paper proposes a novel generative model named generative perturbation network (GPN), able to generate adversarial examples by signal-agnostic and signal-specific perturbations for targeted and non-targeted attacks. By modifying the proposed model slightly, we can also generate conditional or total perturbations for an EEG dataset with a pretrained weight. Our experimental evaluation demonstrates that perturbations generated by the proposed model outperform previous approaches for crafting signal-agnostic perturbation in non-targeted and targeted attacks. Moreover, we show that modified models, i.e., conditional and multiple GPN, can generate perturbations of all classification models, attack types, and target classes with single trained parameters only. Finally, we show that the proposed method has higher transferability across classification networks than comparison methods, demonstrating the perturbations are well generalized.

Architecture

Generative Perturbation Networks (GPNs)

image

  • Signal-Specific generation : Input as a real EEG trials
  • Signal-Agnoistic generation : Input as a random noise
    image

Conditional Generative Perturbation Network(cGPN)

  • cGPN recieves bith a signal and condition vector as input for defining the perturbation
  • cGPN generates perturbations for all types of classification model, attack type, and target classes for one dataset
    image

Multiple Generative Perturbations Network(mGPN)

  • mGPN generates all perturbations for an input EEG trial at once.
    image

Result

Accuray and Fooling Rate

  • Accuracy : Top 1 accuracy of classification
  • Fooling Rate : For non-targeted only. Prediction difference from original prediction

Comparision of DF-UAP, TLM, GPN-SA methods

image

Comparision of GPN-SS, cGPN, mGPN methods

image

Transferability

image

Topoplots of adversarial exampels from mGPN

image

Usage

Train

  • train_classifier.py : Train victim models for EEG classification. EEGNET, Deep/Shallow ConvNet, TIDNET, VGG, ResNet were used as victim models.
  • train_uap_df.py : Pytorch Implementation of Universal adversarial perturbations, CVPR, 2017, Moosavi et al. Adversarial-Robustness-Toolbox library was used for Deepfool based attacks.
  • train_uap_tlm.py : Pytorch Implementation of Universal adversarial perturbations for CNN classifiers in EEG-based BCIs, JOURNAL OF NEURAL ENGINEERING, 2021, Z.Liu et al.
    The offical implementaion(Tensorflow ver.) can be found here: https://github.com/ZihanLiu95/UAP_EEG.
  • train_GPN_SS.py : Train GPN for Signal Specific perturbations generation.
  • train_GPN_SA.py : Train GPN for Signal Agnositic perturbations generation.
  • train_cGPN.py : Train conditional GPN(cGPN) for generating perturbations with conditional flags.
  • train_mGPN.py : Train multiple GPN(mGPN) for generating perturbations at once.

Evaluate

  • eval_classifier.py : Evaluate accuacy of trained victim models for EEG classification.
  • eval_GPN_SS&SA.py : Evaluate accuracy of adversarial attacks with GPN on victim models.
  • eval_GPN_SS&SA_cross.py : Evaluate Transferability of Universal Perturbations.

Model Architecture Implementation -> `./adversarial models'

  • GenResNet.py : Implementations of Generative Perturbation Networks for SS and SA attacks
  • GenResNetHyper.py : Implementations of conditional Generative Perturbation Networks
  • GenResNetMulti.py : Implementations of multiple Generative Perturbation Networks

Models for EEG classification -> `./models'

  • EEGNet.py : Pytorch Implementaion of EEGNet a compact convolutional neural network, JOURANL OF NEURAL ENGINEERING, 2018, V.Lawhern et al.
    Origianl Implemenation => https://github.com/vlawhern/arl-eegmodels
  • DeepConvNet.py & ShallowConvNet.py : Pytorch Implementation of Deep Learning With Convolutional Neural Networks for EEG Decoding and Visualization, Human Brain Mapping, 2017, Schirrmeister et al.
  • TIDNet.py : Pytorch Implementaion of Thinker invariance: enabling deep neural networks for BCI across more people, JOURANL OF NEURAL ENGINEERING, 2020, D.Kostas et al.
  • VGG.py : VGG Implementation tailored for EEG classification TorchVision Library.
  • ResNet.py : ResNet Implemenation tailored for EEG classifcation with TorchVision Library.

Data Pre-Processing -> ./data_processing

  • amigos_cvt_preproc_mat_npy.py : Convert .mat format into .npy format.
  • amigos_slice_npy_in_nsec.py & deap_slice_in_nsec.py& physionet_slice_npy_in_1sec.py : Split EEG streams into 1sec segments.
  • merge_labels.py : Label signals into 4 classes based on value of arousal and valence.