| name | bci-adversarial-robustness |
| description | Adversarial robustness methodology for EEG-based Brain-Computer Interfaces (BCIs). Lightweight custom CNN architectures that outperform EEGNet/DeepConvNet/SleepEEGNet under gradient-based adversarial attacks. Use for: BCI security, adversarial defense, EEG classification robustness, medical device security. |
| arxiv_id | 2606.02597 |
BCI Adversarial Robustness
Paper: "Making Brain-Computer Interfaces More Secure" (arXiv:2606.02597, IEEE World AI IoT Congress 2026)
Authors: Md Fahimul Kabir Chowdhury, Gahangir Hossain
Core Problem
EEG-based Brain-Computer Interfaces (BCIs) are vulnerable to adversarial attacks — minute, carefully crafted perturbations that cause misdiagnosis. Most BCI research focuses on classification accuracy, with little attention to security and robustness under adversarial conditions.
Key Findings
Vulnerability Assessment
- EEG-based BCIs are susceptible to gradient-based adversarial attacks
- Minute perturbations (imperceptible to humans) cause significant classification errors
- This creates safety risks for clinical BCI deployment
Lightweight CNN Architecture
The paper proposes a lightweight custom CNN that consistently outperforms established baselines under adversarial perturbation:
| Model | Parameters | Adversarial Robustness | Classification Accuracy |
|---|
| EEGNet | Medium | Baseline | Good |
| DeepConvNet | Large | Medium | Good |
| SleepEEGNet | Medium | Medium | Good |
| Custom CNN | Lightweight | Best | Best |
Evaluation Protocol
- Two EEG datasets used for validation
- Gradient-based adversarial attacks (FGSM, PGD-style)
- Compared against 3 specialized EEG CNN architectures
- Custom CNN shows consistent superiority across perturbation levels
Reusable Patterns
Pattern 1: Security-Aware BCI Design
1. Start with lightweight architecture (fewer parameters = smaller attack surface)
2. Evaluate under gradient-based adversarial attacks (not just accuracy)
3. Compare against domain-specific baselines (EEGNet, DeepConvNet, etc.)
4. Measure robustness across perturbation magnitudes
5. Deploy models that maintain accuracy under adversarial conditions
Pattern 2: Adversarial Evaluation for Medical AI
Medical AI Security Checklist:
├── Baseline accuracy on clean data
├── FGSM attack robustness
├── PGD/iterative attack robustness
├── Perturbation magnitude sweep
├── Comparison to domain-specific baselines
└── Clinical impact assessment (misdiagnosis risk)
Clinical Implications
- BCI security is critical: Misdiagnosis from adversarial attacks could have serious health consequences
- Lightweight models are more robust: Contrary to intuition, simpler architectures may be safer than complex ones
- Security testing should be standard: All medical AI deployments should include adversarial robustness evaluation
Comparison with Related Work
| Aspect | This Work | spike-ptsd-adversarial | retina-gap-junction-defense |
|---|
| Domain | General BCI | PTSD-specific EEG | Retinal BCI defense |
| Approach | Architecture design | Adversarial analysis | Biological noise injection |
| Defense | Lightweight CNN | Analysis only | Biological-inspired defense |
Activation
bci security, adversarial robustness, eeg adversarial attack, brain-computer interface security, lightweight cnn eeg, medical ai security, gradient-based attack, bci misdiagnosis, eegnet robustness
Related Skills
- [[spike-ptsd-adversarial]] - Adversarial robustness for SNN-based PTSD detection
- [[retina-gap-junction-defense]] - Biological adversarial defense using retinal gap junctions
- [[eeg-preprocessing-reliability]] - EEG decoding reliability and preprocessing effects
- [[bci-rehabilitation-protocols]] - BCI rehabilitation protocols for stroke recovery
