A regularization method to improve adversarial robustness of neural networks for ECG signal classification

With the advancement of machine leaning technologies, Deep Neural Networks (DNNs) have been utilized for automated interpretation of Electrocardiogram (ECG) signals to identify potential abnormalities in a patient's heart within a second. Studies have shown that the accuracy of DNNs for ECG signal classification could reach human-expert cardiologist level if a sufficiently large training dataset is available. However, it is known that, in the field of computer vision, DNNs are not robust to adversarial noises that may cause DNNs to make wrong class-label predictions. In this work, we confirm that DNNs are not robust to adversarial noises in ECG signal classification applications, and we propose a novel regularization method to improve DNN robustness by minimizing the noise-to-signal ratio. Our method is evaluated on two public datasets: the MIT-BIH dataset and the CPSC2018 dataset, and the evaluation results show that our method can significantly enhance DNN robustness against adversarial noises generated by Projected Gradient Descent (PGD) and Smooth Adversarial Perturbation (SAP) adversarial attacks, with a minimal reduction of accuracy on clean data. Our method may serve as the baseline for designing new methods to defend against adversarial attacks for life-critical applications depending on ECG interpretation. The code of this work is publicly available at github.com/SarielMa/Robust_DNN_for_ECG.