Research Article

Mitigating Adversarial Attacks on ECG Classification in Federated Learning via Adversarial Training

Year 2025, Volume: 5 Issue: 1, 18 - 28, 01.05.2025

Abstract

Federated Learning (FL) has become an important research area in recent years, particularly when dealing with sensitive data such as healthcare information. Since healthcare data contains critical and personal information, FL provides a major advantage by enabling training on local devices without requiring data to be collected on a central server. In the analysis of healthcare data, such as electrocardiography (ECG), FL enables local processing of data while preserving privacy. However, despite its privacy benefits, FL can be vulnerable to attacks. Malicious inputs that aim to degrade model accuracy, known as adversarial attacks (AA), can pose a major threat. Adversarial Training (AT) offers a defense mechanism by increasing the model's robustness against such attacks. Federated Adversarial Training (FAT) extends AT into the FL environment, combining privacy advantages with enhanced resistance to adversarial inputs. In this work, we propose the use of FAT to improve both privacy and security when classifying ECG signals, ensuring robustness against AAs. This approach involves applying AT at the client level by augmenting clean ECG data with adversarial examples generated using the Projected Gradient Descent (PGD) method. A Convolutional Neural Network (CNN) architecture was employed for local training. Experiments were conducted on the MIT-BIH Arrhythmia Database (MIT-DB). For comparison, we also trained an FL model without incorporating FAT. Both models were tested on the original test data as well as on adversarially attacked versions generated using PGD, Fast Gradient Sign Method (FGSM), Carlini & Wagner (CW), and Basic Iterative Method (BIM). The results show that the FL system with FAT significantly outperforms the system without FAT in resisting AAs, with a slight compromise in performance on the original test data, thus highlighting the effectiveness of FAT in enhancing model robustness against AAs for ECG classification tasks.
Code is available at https://github.com/Skyress1/ECG-FAT-Code.
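
The client-level scheme described in the abstract (PGD augmentation during local training, then server-side averaging, then evaluation on clean and attacked test data) can be sketched on a toy problem. This is an added illustration, not the authors' code from the repository above: it assumes a logistic model in place of the CNN, constructed feature vectors in place of MIT-BIH beats, FedAvg as the aggregation rule, and hypothetical values for the attack budget and training schedule.

```python
import math

EPS, ALPHA, PGD_STEPS = 0.3, 0.1, 5   # assumed L-inf budget, step size, iterations
K, ETA = 50, 0.2                      # K weak features with amplitude ETA < EPS

def make_client(n, n_flipped):
    """Constructed data: feature 0 is strong but wrong on n_flipped samples; 1..K are weak."""
    labels = [1 if i % 2 == 0 else -1 for i in range(n)]
    return [([float(-y if i < n_flipped else y)] + [ETA * y] * K, y)
            for i, y in enumerate(labels)]

def margin(w, x, y):
    return y * sum(wi * xi for wi, xi in zip(w, x))
def sign(v):
    return (v > 0) - (v < 0)

def pgd(w, x, y):
    """Signed-gradient ascent on the loss, projected back into the EPS ball around x."""
    adv = list(x)
    for _ in range(PGD_STEPS):
        # d(loss)/dx_i = -y * w_i * sigmoid(-margin); the sigmoid factor is positive
        adv = [a + ALPHA * sign(-y * wi) for a, wi in zip(adv, w)]
        adv = [min(max(a, xi - EPS), xi + EPS) for a, xi in zip(adv, x)]
    return adv

def local_train(w, data, adversarial, lr=0.5, steps=5):
    w = list(w)
    for _ in range(steps):
        # FAT: augment the clean batch with PGD examples crafted against current weights
        batch = data + ([(pgd(w, x, y), y) for x, y in data] if adversarial else [])
        grad = [0.0] * len(w)
        for x, y in batch:
            s = 1.0 / (1.0 + math.exp(margin(w, x, y)))   # sigmoid(-margin)
            grad = [g - s * y * xi / len(batch) for g, xi in zip(grad, x)]
        w = [wi - lr * g for wi, g in zip(w, grad)]
    return w

def federated_train(clients, adversarial, rounds=30):
    w = [0.0] * (K + 1)
    for _ in range(rounds):
        updates = [local_train(w, c, adversarial) for c in clients]
        w = [sum(col) / len(updates) for col in zip(*updates)]   # FedAvg, equal-size clients
    return w

def accuracy(w, data, attacked):
    return sum(margin(w, pgd(w, x, y) if attacked else x, y) > 0 for x, y in data) / len(data)

CLIENTS = [make_client(20, flips) for flips in (1, 2, 3)]   # three constructed clients
TEST = make_client(50, 5)
```

Comparing `accuracy(w, TEST, False)` with `accuracy(w, TEST, True)` for `federated_train(CLIENTS, False)` and `federated_train(CLIENTS, True)` shows the trade-off on this toy data: the plain model leans on the weak features that a perturbation of size `EPS` can flip, while the FAT model shifts weight to the strong feature and gives up some clean accuracy.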

Details

Primary Language: English
Subjects: Adversarial Machine Learning
Journal Section: Research Articles
Authors:

Eyüpcan Çelik 0009-0008-5247-9048

Mehmet Kemal Güllü 0000-0003-2310-2985

Publication Date: May 1, 2025
Submission Date: December 6, 2024
Acceptance Date: January 29, 2025
Published in Issue: Year 2025 Volume: 5 Issue: 1

Cite

APA Çelik, E., & Güllü, M. K. (2025). Mitigating Adversarial Attacks on ECG Classification in Federated Learning via Adversarial Training. Artificial Intelligence Theory and Applications, 5(1), 18-28.