EEG-based brainprint recognition with deep learning models has garnered much attention in biometric identification. Yet, studies have indicated vulnerability to adversarial attacks in deep learning models with EEG inputs. In this paper, we introduce a novel adversarial attack method that jointly attacks time-domain and frequency-domain EEG signals by employing wavelet transform. Different from most existing methods which only target time-domain EEG signals, our method not only takes advantage of the time-domain attack's potent adversarial strength but also benefits from the imperceptibility inherent in frequency-domain attack, achieving a better balance between attack performance and imperceptibility. Extensive experiments are conducted in both white- and grey-box scenarios and the results demonstrate that our attack method achieves state-of-the-art attack performance on three datasets and three deep-learning models. In the meanwhile, the perturbations in the signals attacked by our method are barely perceptible to the human visual system.

翻译：基于深度学习的脑电图（EEG）大脑纹识别在生物特征识别领域备受关注。然而，研究表明，输入EEG信号的深度学习模型易受对抗攻击的影响。本文提出一种新颖的对抗攻击方法，通过小波变换联合攻击时域和频域EEG信号。与现有多数仅针对时域EEG信号的方法不同，我们的方法不仅利用了时域攻击的强大对抗强度，还受益于频域攻击固有的不可感知性，从而在攻击性能与不可感知性之间实现更优平衡。在白盒和灰盒场景下进行了大量实验，结果表明，我们的攻击方法在三个数据集和三个深度学习模型上均达到了最先进的攻击性能。同时，经本方法攻击的信号中的扰动对人类视觉系统几乎不可察觉。