Top

Automatic Control and Computer Sciences

Published in:

01-12-2022

Adversarial Machine Learning Protection Using the Example of Evasion Attacks on Medical Images

Authors: E. A. Rudnitskaya, M. A. Poltavtseva

Published in: Automatic Control and Computer Sciences | Issue 8/2022

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

This work considers evasion attacks on machine learning (ML) systems that use medical images in their analysis. Their systematization and a practical assessment of feasibility are carried out. Existing protection techniques against ML evasion attacks are presented and analyzed. The features of medical images are given and the formulation of the problem of evasion attack protection for these images based on several protective methods is provided. The authors have identified, implemented, and tested the most relevant protection methods on practical examples: an analysis of images of patients with COVID-19.

previous article Mathematical Model of the Spread of Computer Attacks on Critical Information Infrastructure

next article Immunization of Complex Networks: System of Differential Equations and Dynamic Variation

Ma, X., Niu, Yu., Gu, L., Wang, Yi., Zhao, Yi., Bailey, J., and Lu, F., Understanding adversarial attacks on deep learning based medical image analysis systems, Pattern Recognit., 2020, vol. 110, p. 107332. https://doi.org/10.1016/j.patcog.2020.107332CrossRef

Hospital viruses: Fake cancerous nodes in CT scans, created by malware, trick radiologists, The Washington Post, 2019. https://www.washingtonpost.com/technology/2019/04/03/hospital-viruses-fake-cancerous-nodes-ct-scans-created-by-malware-trick-radiologists/. Cited February 15, 2021.

Pitropakis, N., Panaousis, E., Giannetsos, T., Anastasiadis, E., and Loukas, G., A taxonomy and survey of attacks against machine learning, Comput. Sci. Rev., 2019, vol. 34, p. 100199. https://doi.org/10.1016/j.cosrev.2019.100199MathSciNetCrossRef

Chakraborty, A., Alam, M., Dey, V., Chattopadhyay, A., and Mukhopadhyay, D., Adversarial attacks and defences: a survey, 2018. arXiv:1810.00069 [cs.LG]

Barreno, M., Nelson, B., Sears, R., Joseph, A.D., and Tygar, J.D., Can machine learning be secure?, ASIACC-S ’06: Proc. 2006 ACM Symp. on Information, Computer and Communication Security, Taipei, Taiwan, 2006, New York: Association for Computing Machinery, 2006, pp. 16–25. https://doi.org/10.1145/1128817.1128824

Liu, Q., Li, P., Zhao, W., Cai, W., Yu, S., and Leung, V.C.M., A survey on security threats and defensive techniques of machine learning: A data driven view, IEEE Access, 2018, vol. 6, pp. 12103–12117. https://doi.org/10.1109/ACCESS.2018.2805680CrossRef

Finlayso, S.G., Bowers, J.D., Ito, J., Zittrain, J.L., Beam, A.L., and Kohane, I.S., Adversarial attacks on medical machine learning, Science, 2019, vol. 363, no. 6433, pp. 1287–1289. https://doi.org/10.1126/science.aaw4399CrossRef

Taghanaki, S.A., Das, A., Hamarneh, G., Vulnerability analysis of chest x-ray image classification against adversarial attacks, Understanding and Interpreting Machine Learning in Medical Image Computing Applications, Stoyanov, D., Taylor, Z., Kia, S.M., Eds., Lecture Notes in Computer Science, vol. 11038, Cham: Springer, 2018, pp. 87–94. https://doi.org/10.1007/978-3-030-02628-8_10CrossRef

Voynov, D.M. and Kovalev, V.A., Experimental assessment of adversarial attacks to the deep neural networks in medical image recognition, Informatika, 2019, vol. 16, no. 3, pp. 14–22.

10.

Hirano, H., Minagi, A., and Takemoto, K., Universal adversarial attacks on deep neural networks for medical image classification, BMC Med. Imaging, 2021, vol. 21, p. 9. https://doi.org/10.1186/s12880-020-00530-yCrossRef

11.

Ren, K., Zheng, T., Qin, Z., and Liu, X., Adversarial attacks and defenses in deep learning, Engineering, 2020, vol. 6, no. 3, pp. 346–360.https://doi.org/10.1016/j.eng.2019.12.012CrossRef

12.

Tramer, F., Kurakin, A., Papernot, N., Goodfellow, I., Boneh, D., and McDaniel, P., Ensemble adversarial training: attacks and defenses, 6th Int. Conf. on Learning Representations, ICLR 2018–Conf. Track Proc., Vancouver, 2018.

13.

Liu, X. and Hsieh, Cho-J., Rob-GAN: generator, discriminator, and adversarial attacker, 2019 IEEE/CVF Conf. on Computer Vision and Pattern Recognition (CVPR), Long Beach, 2019, IEEE, 2019, pp. 11226–11235. https://doi.org/10.1109/CVPR.2019.01149

14.

Xie, C., Wang, J., Zhang, Z., Ren, Z., and Yuille, A., Mitigating adversarial effects through randomization, 6th Int. Conf. on Learning Representations, ICLR 2018–Conf. Track Proc., Vancouver, 2018.

15.

Liu, X., Cheng, M., Zhang, H., and Hsieh, Cho-J., Towards robust neural networks via random self-ensemble, Computer Vision–ECCV 2018, Ferrari, V., Hebert, M., Sminchisescu, C., and Weiss, Y., Eds., Lecture Notes in Computer Science, vol. 11211, Cham: Springer, 2018, pp. 381–397. https://doi.org/10.1007/978-3-030-01234-2_23CrossRef

16.

Dhillon GS, Azizzadenesheli K, Lipton ZC, Bernstein J, Kossaifi J, Khanna A, and Anandkumar, A., Stochastic activation pruning for robust adversarial defense, 6th Int. Conf. on Learning Representations, ICLR 2018–Conf. Track Proc., Vancouver, 2018.

17.

Xu, W., Evans, D., and Qi, Y., Feature squeezing: detecting adversarial examples in deep neural networks, Network and Distributed Systems Security Symp. (NDSS), San Diego, Calif., 2018. https://doi.org/10.14722/ndss.2018.23198

18.

Samangouei, P., Kabkab, M., and Chellappa, R., Defense-GAN: protecting classifiers against adversarial attacks using generative models, 6th Int. Conf. on Learning Representations, ICLR 2018–Conf. Track Proc., Vancouver, 2018.

19.

Shen, S., Jin, G., Gao, K., and Zhang, Y., APE-GAN: Adversarial perturbation elimination with GA, 2017. arXiv:1707.05474 [cs.CV]

20.

Carlini, N. and Wagner, D., Towards evaluating the robustness of neural networks, Proc. 2017 IEEE Symp. on Security and Privacy (SP), San Jose, Calif., 2017, IEEE, 2017, pp. 39–57. https://doi.org/10.1109/SP.2017.49

21.

Meng, D. and Chen, H., MagNet: A two-pronged defense against adversarial examples, CCS ’17: Proc. 2017 ACM SIGSAC Conf. on Computer and Communications Security, Dallas, 2017, New York: Association for Computing Machinery, 2017, pp. 135–147. https://doi.org/10.1145/3133956.3134057

22.

Liao, F., Liang, M., Dong, Y., Pang, T., Hu, X., and Zhu, J., Defense against adversarial attacks using high-level representation guided denoiser, 2018 IEEE/CVF Conf. on Computer Vision and Pattern Recognition, Salt Lake City, Utah, 2018, IEEE, 2018, pp. 1778–1787. https://doi.org/10.1109/CVPR.2018.00191

23.

TensorFlow library. https://www.tensorflow.org/. Cited January 25, 2021.

24.

Curated chest X-ray image dataset for COVID-19 detection, Kaggle. https://www.kaggle.com/unaissait/curated-chest-xray-image-dataset-for-covid19?select=Curated+X-Ray+Dataset. Cited February 20, 2021.

25.

Chest Xray for COVID-19 detection, Kaggle, https://www.kaggle.com/fusicfenta/chest-xray-for-covid19-detection/. Cited February 20, 2021.

26.

COVID-19 chest X-ray image dataset, Kaggle. https://www.kaggle.com/alifrahman/covid19-chest-xray-image-dataset/. Cited February 20, 2021.

27.

COVID-19 radiography database, Kaggle. https://www.kaggle.com/tawsifurrahman/covid19-radiography-database/. Cited February 20, 2021.

28.

Zegzhda, D.P., Pavlenko, E., and Shtyrkina, A., Cybersecurity and control sustainability in digital economy and advanced production, The Economics of Digital Transformation, Devezas, T., Leitão, J., Sarygulov, A., Eds., Studies on Entrepreneurship, Structural Change and Industrial Dynamics, Cham: Springer, 2021, pp. 173–185. https://doi.org/10.1007/978-3-030-59959-1_11

29.

Dakhnovich, A., Moskvin, D., and Zegzhda, D., An approach for providing industrial control system sustainability in the age of digital transformation, IOP Conf. Ser.: Mater. Sci. Eng., 2019, vol. 497, p. 012006. https://doi.org/10.1088/1757-899X/497/1/012006

30.

Fatin, A.D., Pavlenko, E.Yu., and Poltavtseva, M.A., A survey of mathematical methods for security analysis of cyberphysical systems, Autom. Control Comput. Sci., 2020, vol. 54, no. 8, pp. 983–987. https://doi.org/10.3103/S014641162008012XCrossRef

Title: Adversarial Machine Learning Protection Using the Example of Evasion Attacks on Medical Images
Authors: E. A. Rudnitskaya
M. A. Poltavtseva
Publication date: 01-12-2022
Publisher: Pleiades Publishing
Published in: Automatic Control and Computer Sciences / Issue 8/2022
Print ISSN: 0146-4116
Electronic ISSN: 1558-108X
DOI: https://doi.org/10.3103/S0146411622080211

Springer Professional

Abstract

Please log in to get access to your license.

Other articles of this Issue 8/2022

Performance Evaluation of Antivirus Systems for Computer Networks

Authentication and Key Establishment in WSN Based on Key Predistribution

Using Information about Influencing Factors to Split Data Samples in Machine Learning Methods for the Purposes of Assessing Information Security

Intelligent Security Strategy Based on the Selection of the Computer and Neural Network Architecture

Immunization of Complex Networks: Topology and Methods

Mathematical Model of the Spread of Computer Attacks on Critical Information Infrastructure