The Electrocardiogram (ECG) measures the electrical cardiac activity generated by the heart to detect abnormal heartbeat and heart attack. However, the irregular occurrence of the abnormalities demands continuous monitoring of heartbeats. Machine learning techniques are leveraged to automate the task to reduce labor work needed during monitoring. In recent years, many companies have launched products with ECG monitoring and irregular heartbeat alert. Among all classification algorithms, the time series-based algorithm dynamic time warping (DTW) is widely adopted to undertake the ECG classification task. Though progress has been achieved, the DTW-based ECG classification also brings a new attacking vector of leaking the patients' diagnosis results. This paper shows that the ECG input samples' labels can be stolen via a side-channel attack, Flush+Reload. In particular, we first identify the vulnerability of DTW for ECG classification, i.e., the correlation between warping path choice and prediction results. Then we implement an attack that leverages Flush+Reload to monitor the warping path selection with known ECG data and then build a predictor for constructing the relation between warping path selection and labels of input ECG samples. Based on experiments, we find that the Flush+Reload-based inference leakage can achieve an 84.0\% attacking success rate to identify the labels of the two samples in DTW.
翻译:心电图(ECG)通过测量心脏产生的电活动来检测异常心跳和心脏病发作。然而,异常情况的不规律发生要求对心跳进行持续监测。机器学习技术被用于自动化这一任务,以减少监测过程中所需的人力劳动。近年来,许多公司推出了具备ECG监测和异常心跳警报功能的产品。在所有分类算法中,基于时间序列的动态时间规整(DTW)算法被广泛用于执行ECG分类任务。尽管取得了进展,基于DTW的ECG分类也带来了泄露患者诊断结果的新攻击向量。本文表明,通过侧信道攻击Flush+Reload,可以窃取ECG输入样本的标签。具体而言,我们首先识别出DTW用于ECG分类的漏洞,即规整路径选择与预测结果之间的相关性。然后,我们实施了一种攻击,利用Flush+Reload监控已知ECG数据的规整路径选择,并构建一个预测器来建立规整路径选择与输入ECG样本标签之间的关系。基于实验,我们发现基于Flush+Reload的推理泄漏可以实现84.0%的攻击成功率,以识别DTW中两个样本的标签。