AIRLABkhu / Generative-Perturbation-Networks Public

Notifications You must be signed in to change notification settings
Fork 2
Star 15

Official PyTorch Implementaion of Generative Perturbation Network for Signal-Agnostic/Specific Adversarial Attacks on EEG-based Brain-Computer Interfaces

15 stars 2 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 51 Commits
adversarial_models		adversarial_models
data_processing		data_processing
dataloaders		dataloaders
models		models
plots		plots
README.md		README.md
configparam.py		configparam.py
deap_cnn_loader.py		deap_cnn_loader.py
eval_GPN_SA.py		eval_GPN_SA.py
eval_GPN_SA_cross.py		eval_GPN_SA_cross.py
eval_GPN_SNR.py		eval_GPN_SNR.py
eval_GPN_SS.py		eval_GPN_SS.py
eval_GPN_SS_cross.py		eval_GPN_SS_cross.py
eval_GPN_noise.py		eval_GPN_noise.py
eval_GPN_noise_subj.py		eval_GPN_noise_subj.py
eval_classifier.py		eval_classifier.py
train_GPN_SA.py		train_GPN_SA.py
train_GPN_SA_subj.py		train_GPN_SA_subj.py
train_GPN_SS.py		train_GPN_SS.py
train_GPN_SS_subj.py		train_GPN_SS_subj.py
train_cGPN.py		train_cGPN.py
train_cGPN_subj.py		train_cGPN_subj.py
train_classifier.py		train_classifier.py
train_classifier_subj.py		train_classifier_subj.py
train_mGPN.py		train_mGPN.py
train_mGPN_subj.py		train_mGPN_subj.py
train_uap_df.py		train_uap_df.py
train_uap_df_subj.py		train_uap_df_subj.py
train_uap_tlm.py		train_uap_tlm.py
train_uap_tlm_subj.py		train_uap_tlm_subj.py

Repository files navigation

Generative-Perturbation-Networks

Title

Generative Perturbation Network for Signal-Agnostic/Specific Adversarial Attacks on EEG-based Brain-Computer Interfaces

Abstract

Brain-computer interface (BCI) enables direct communication between a brain and computers or external devices. Recently, deep neural networks (DNNs) have achieved great success in classifying EEG-based BCI systems. However, DNNs are vulnerable to adversarial attacks using adversarial examples imperceptible to humans. This paper proposes a novel generative model named generative perturbation network (GPN), able to generate adversarial examples by signal-agnostic and signal-specific perturbations for targeted and non-targeted attacks. By modifying the proposed model slightly, we can also generate conditional or total perturbations for an EEG dataset with a pretrained weight. Our experimental evaluation demonstrates that perturbations generated by the proposed model outperform previous approaches for crafting signal-agnostic perturbation in non-targeted and targeted attacks. Moreover, we show that modified models, i.e., conditional and multiple GPN, can generate perturbations of all classification models, attack types, and target classes with single trained parameters only. Finally, we show that the proposed method has higher transferability across classification networks than comparison methods, demonstrating the perturbations are well generalized.

Architecture

Generative Perturbation Networks (GPNs)

Signal-Specific generation : Input as a real EEG trials
Signal-Agnoistic generation : Input as a random noise

Conditional Generative Perturbation Network(cGPN)

cGPN recieves bith a signal and condition vector as input for defining the perturbation
cGPN generates perturbations for all types of classification model, attack type, and target classes for one dataset

Multiple Generative Perturbations Network(mGPN)

mGPN generates all perturbations for an input EEG trial at once.

Result

Accuray and Fooling Rate

Accuracy : Top 1 accuracy of classification
Fooling Rate : For non-targeted only. Prediction difference from original prediction

Comparision of DF-UAP, TLM, GPN-SA methods

Comparision of GPN-SS, cGPN, mGPN methods

Transferability

Topoplots of adversarial exampels from mGPN

Usage

Train

train_classifier.py : Train victim models for EEG classification. EEGNET, Deep/Shallow ConvNet, TIDNET, VGG, ResNet were used as victim models.
train_uap_df.py : Pytorch Implementation of Universal adversarial perturbations, CVPR, 2017, Moosavi et al. Adversarial-Robustness-Toolbox library was used for Deepfool based attacks.
train_uap_tlm.py : Pytorch Implementation of Universal adversarial perturbations for CNN classifiers in EEG-based BCIs, JOURNAL OF NEURAL ENGINEERING, 2021, Z.Liu et al.
The offical implementaion(Tensorflow ver.) can be found here: https://github.com/ZihanLiu95/UAP_EEG.
train_GPN_SS.py : Train GPN for Signal Specific perturbations generation.
train_GPN_SA.py : Train GPN for Signal Agnositic perturbations generation.
train_cGPN.py : Train conditional GPN(cGPN) for generating perturbations with conditional flags.
train_mGPN.py : Train multiple GPN(mGPN) for generating perturbations at once.

Evaluate

eval_classifier.py : Evaluate accuacy of trained victim models for EEG classification.
eval_GPN_SS&SA.py : Evaluate accuracy of adversarial attacks with GPN on victim models.
eval_GPN_SS&SA_cross.py : Evaluate Transferability of Universal Perturbations.

Model Architecture Implementation -> `./adversarial models'

GenResNet.py : Implementations of Generative Perturbation Networks for SS and SA attacks
GenResNetHyper.py : Implementations of conditional Generative Perturbation Networks
GenResNetMulti.py : Implementations of multiple Generative Perturbation Networks

Models for EEG classification -> `./models'

EEGNet.py : Pytorch Implementaion of EEGNet a compact convolutional neural network, JOURANL OF NEURAL ENGINEERING, 2018, V.Lawhern et al.
Origianl Implemenation => https://github.com/vlawhern/arl-eegmodels
DeepConvNet.py & ShallowConvNet.py : Pytorch Implementation of Deep Learning With Convolutional Neural Networks for EEG Decoding and Visualization, Human Brain Mapping, 2017, Schirrmeister et al.
TIDNet.py : Pytorch Implementaion of Thinker invariance: enabling deep neural networks for BCI across more people, JOURANL OF NEURAL ENGINEERING, 2020, D.Kostas et al.
VGG.py : VGG Implementation tailored for EEG classification TorchVision Library.
ResNet.py : ResNet Implemenation tailored for EEG classifcation with TorchVision Library.

Data Pre-Processing -> ./data_processing

amigos_cvt_preproc_mat_npy.py : Convert .mat format into .npy format.
amigos_slice_npy_in_nsec.py & deap_slice_in_nsec.py& physionet_slice_npy_in_1sec.py : Split EEG streams into 1sec segments.
merge_labels.py : Label signals into 4 classes based on value of arousal and valence.

About

Official PyTorch Implementaion of Generative Perturbation Network for Signal-Agnostic/Specific Adversarial Attacks on EEG-based Brain-Computer Interfaces

Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages

Python 100.0%