Attack-data independent defence mechanism against adversarial attacks on ECG signal

Abstract

Adversarial attacks pose a significant threat to the integrity and reliability of electrocardiogram (ECG) signals, compromising their use in critical applications, e.g., arrhythmia detection and classification. In this paper, we propose an attack-data-independent defence mechanism to effectively mitigate adversarial attacks on ECG signals. Unlike existing defence mechanisms that rely on learning from adversarial samples, our proposed approach operates as a ‘gatekeeper,’ selectively discarding noisy and attack signals while allowing only clean and non-attack ECG signals to be stored in the data layer. This ensures the availability of reliable and high-quality ECG data for subsequent analysis. The proposed defence mechanism not only detects and filters out the attack and noisy ECG signals but also provides robust protection against adversarial attacks, enhancing the integrity and trustworthiness of ECG data for critical applications. To evaluate the effectiveness of our proposal, we conduct experiments using physiologic and synthetic ECG datasets against two well-known attacks: a white-box attack (Fast Gradient Signed Method (FGSM) and Projected Gradient Descent (PGD)) and a black-box attack (HopSkipJump and Boundary). Our experimental results demonstrate the superiority and effectiveness of our approach in defending against adversarial attacks on ECG signals, making it a promising solution for ensuring the security and reliability of ECG-based diagnosis in smart healthcare applications.