Good knowledge of Python, familiar with (or eager to learn about) neural networks and deep learning libraries like TensorFlow.
Biometric systems rely on physiological or behavioural characteristics that can be measured by sensors to verify identity. Electrocardiogram (ECG)-based biometrics is one of the new and most promising types. ECG signals measure the electrical activity of the heart and several studies have found them suitable for human identification. To match the signals with the registered user, ECG biometrics (and other kinds of biometrics as well) use machine learning algorithms, including deep neural networks (DNNs). However, DNNs are vulnerable to adversarial attacks by which small perturbations to the DNN input might change the DNN decision. In ECG biometrics, an example is an impersonation attack, where the attacker manipulates their own signal to impersonate a target user registered in the system.
In this project, you will learn about ECG biometrics, attacks on machine learning, and how to realize such attacks for DNN-based ECG biometrics. In particular, you will use existing code to train DNN-based ECG biometrics on publicly available datasets, you will consolidate existing code for impersonation attacks, and you will realize and evaluate countermeasures (including signal denoising and calibrated prediction confidence).
Useful readings and links
- Blasco, Jorge, et al. “A survey of wearable biometric recognition systems.” ACM Computing Surveys (CSUR) 49.3 (2016): 1-35.
Eberz, Simon, et al. “Broken hearted: How to attack ECG biometrics.” (2017).
Biggio, Battista, and Fabio Roli. “Wild patterns: Ten years after the rise of adversarial machine learning.” Pattern Recognition 84 (2018): 317-331.
- Tutorial: Tricking Neural Networks: Create your own Adversarial Examples