Enhancing EEG Signal Classifier Robustness Against Adversarial Attacks Using a Generative Adversarial Network Approach

Electroencephalogram (EEG) based brain computer interfaces (BCIs) have particularly benefited from deep learning models thanks to their remarkable performance for classification purposes. Despite their success, these models have shown to be vulnerable to adversarial attacks, which are attacks that manipulate EEG signals to cause misclassification. Adversarial training, where models are trained on both normal and adversarial examples, has been proposed to address this issue. However, overfitting on adversarial examples can lead to reduced performance. To overcome this challenge, we present a new approach of adversarial training based on a generative adversarial network (GAN). In particular, we first generate real adversarial examples using fast gradient sign method, Then, Our GAN generates new adversarial EEG signals using real adversarial examples as a validation set. By incorporating both real and generated adversarial examples during training, we enhance the EEG model performance. Finally, we evaluate our approach on BCI competition 2a dataset showing that it achieves a statistically significant performance improvement and enhances the robustness to adversarial attacks.