Improve robustness of DNN for ECG signal classification:a noise-to-signal ratio perspective

Electrocardiogram (ECG) is the most widely used diagnostic tool to monitor the condition of the cardiovascular system. Deep neural networks (DNNs), have been developed in many research labs for automatic interpretation of ECG signals to identify potential abnormalities in patient hearts. Studies have shown that given a sufficiently large amount of data, the classification accuracy of DNNs could reach human-expert cardiologist level. A DNN-based automated ECG diagnostic system would be an affordable solution for patients in developing countries where human-expert cardiologist are lacking. However, despite of the excellent performance in classification accuracy, it has been shown that DNNs are highly vulnerable to adversarial attacks: subtle changes in input of a DNN can lead to a wrong classification output with high confidence. Thus, it is challenging and essential to improve adversarial robustness of DNNs for ECG signal classification, a life-critical application. In this work, we proposed to improve DNN robustness from the perspective of noise-to-signal ratio (NSR) and developed two methods to minimize NSR during training process. We evaluated the proposed methods on PhysionNets MIT-BIH dataset, and the results show that our proposed methods lead to an enhancement in robustness against PGD adversarial attack and SPSA attack, with a minimal change in accuracy on clean data.