Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Detection of Physiological Data Tampering Attacks with Quantum Machine Learning

Md. Saif Hassan Onim, Himanshu Thapliyal

TL;DR

The paper tackles tampering of physiological data from wearables and cloud-connected sensors with a hybrid quantum-classical tampering detector based on a quantum kernel One-Class SVM. It evaluates two white-box attacks—data poisoning with label flipping and adversarial perturbation $x' = x + \delta$—across RESTING ECG, EPHNOGRAM, and Stress datasets, reporting 75–95% accuracy for data poisoning. Results show quantum models outperform classical models for label-flipping attacks (up to about 15% gain on some datasets), but both approaches struggle with adversarial perturbations, with quantum accuracies around 45–60%. The work highlights the potential of quantum approaches for improving data integrity in physiological monitoring and suggests exploring Quantum Neural Networks and alternative kernel architectures to bolster robustness.

Abstract

The widespread use of cloud-based medical devices and wearable sensors has made physiological data susceptible to tampering. These attacks can compromise the reliability of healthcare systems which can be critical and life-threatening. Detection of such data tampering is of immediate need. Machine learning has been used to detect anomalies in datasets but the performance of Quantum Machine Learning (QML) is still yet to be evaluated for physiological sensor data. Thus, our study compares the effectiveness of QML for detecting physiological data tampering, focusing on two types of white-box attacks: data poisoning and adversarial perturbation. The results show that QML models are better at identifying label-flipping attacks, achieving accuracy rates of 75%-95% depending on the data and attack severity. This superior performance is due to the ability of quantum algorithms to handle complex and high-dimensional data. However, both QML and classical models struggle to detect more sophisticated adversarial perturbation attacks, which subtly alter data without changing its statistical properties. Although QML performed poorly against this attack with around 45%-65% accuracy, it still outperformed classical algorithms in some cases.

Detection of Physiological Data Tampering Attacks with Quantum Machine Learning

TL;DR

The paper tackles tampering of physiological data from wearables and cloud-connected sensors with a hybrid quantum-classical tampering detector based on a quantum kernel One-Class SVM. It evaluates two white-box attacks—data poisoning with label flipping and adversarial perturbation —across RESTING ECG, EPHNOGRAM, and Stress datasets, reporting 75–95% accuracy for data poisoning. Results show quantum models outperform classical models for label-flipping attacks (up to about 15% gain on some datasets), but both approaches struggle with adversarial perturbations, with quantum accuracies around 45–60%. The work highlights the potential of quantum approaches for improving data integrity in physiological monitoring and suggests exploring Quantum Neural Networks and alternative kernel architectures to bolster robustness.

Abstract

The widespread use of cloud-based medical devices and wearable sensors has made physiological data susceptible to tampering. These attacks can compromise the reliability of healthcare systems which can be critical and life-threatening. Detection of such data tampering is of immediate need. Machine learning has been used to detect anomalies in datasets but the performance of Quantum Machine Learning (QML) is still yet to be evaluated for physiological sensor data. Thus, our study compares the effectiveness of QML for detecting physiological data tampering, focusing on two types of white-box attacks: data poisoning and adversarial perturbation. The results show that QML models are better at identifying label-flipping attacks, achieving accuracy rates of 75%-95% depending on the data and attack severity. This superior performance is due to the ability of quantum algorithms to handle complex and high-dimensional data. However, both QML and classical models struggle to detect more sophisticated adversarial perturbation attacks, which subtly alter data without changing its statistical properties. Although QML performed poorly against this attack with around 45%-65% accuracy, it still outperformed classical algorithms in some cases.

Paper Structure

This paper contains 12 sections, 3 equations, 3 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Threat Model
  3. Data Poisoning
  4. Adversarial Perturbation
  5. Proposed Tampering Detection Method
  6. Dataset Preprocessing and Feature Extraction
  7. Sampling and Feature Reduction
  8. Encoding and Feature Map
  9. Adversarial Attack with Threat Model
  10. Tampering Detection with One-Class SVM
  11. Result Analysis and Discussion
  12. Conclusion and Future Work

Figures (3)

  • Figure 1: Workflow of our Proposed Hybrid QML model for Tampering Detection
  • Figure 2: Kernel Computation Circuit. ($0-5$) are the qubits, $H$ is the Hadamard gate, $R_x$ and $R_y$ are the rotation gates, $\oplus$ denotes the C-NOT gates and $\dagger$ represents the reverse operations
  • Figure 3: 2D Projection of EPHNOGRAM Dataset before and after Data Poisoning Attack where blue and orange Represent Two Different Classes