Fig 1 - uploaded by Ghassan Hamarneh
Perturbed images produced by 10 different attacks (3 categories).

Source publication
Chapter
Recently, there have been several successful deep learning approaches for automatically classifying chest X-ray images into different disease categories. However, there is not yet a comprehensive vulnerability analysis of these models against the so-called adversarial perturbations/attacks, which makes deep models more trustful in clinical practice...

Context in source publication

Context 1
... clean images are used for carrying out different adversarial attacks, and the models trained on clean images are evaluated against them. Figure 1 shows the perturbed images produced by the ten different applied attacks. In Figure 2, we visualize a few samples where the perturbations are perceptible to humans. ...

Citations

... S. Taghanaki et al. [10] used Inception-ResNet-v2 and Nasnet-Large deep learning techniques to construct a model to assess network sensitivity to attacks. Nasnet-Large achieved 77% accuracy after the average-pooling layer took the place of the max-pooling layer, which increased performance. ...
... In [9], the authors have used two attack settings: a white-box attack, where the criminals know all details of the model, and a black-box attack, where the criminals know nothing about the model. Three different categories of adversarial attacks are applied [10]: I) gradient-based, where the images are perturbed along the gradients; II) score-based, which aims to find the most sensitive pixels in the images and perturb them; and III) decision-based attacks, which depend on the predicted label without logits. Adversarial retraining is used by [11] to improve the DNN models' robustness by going through 5 steps described in their work. ...
... To test the robustness of the proposed method on CHEST, we follow the strategy of Taghanaki et al. [44]. We select Inception-ResNet-v2 [42] and modify it by the proposed radial basis function blocks. ...
... We select Inception-ResNet-v2 [42] and modify it by the proposed radial basis function blocks. According to the study done by Taghanaki et al. [44], we focus on the most effective attacks in terms of imperceptibility and power, i.e., gradient-based attacks (basic iterative method [19]: BIM and L1-BIM). We also compare the proposed method with two defense strategies: Gaussian data augmentation (GDA) [57] and feature squeezing (FSM) [55]. ...
Article
Objectives Artificial intelligence (AI) technologies are developing very rapidly in the medical field, but have yet to be actively used in actual clinical settings. Ensuring reliability is essential to disseminating technologies, necessitating a wide range of research and subsequent social consensus on requirements for trustworthy AI. Methods This review divided the requirements for trustworthy medical AI into explainability, fairness, privacy protection, and robustness, investigated research trends in the literature on AI in healthcare, and explored the criteria for trustworthy AI in the medical field. Results Explainability provides a basis for determining whether healthcare providers would refer to the output of an AI model, which requires the further development of explainable AI technology, evaluation methods, and user interfaces. For AI fairness, the primary task is to identify evaluation metrics optimized for the medical field. As for privacy and robustness, further development of technologies is needed, especially in defending training data or AI algorithms against adversarial attacks. Conclusions In the future, detailed standards need to be established according to the issues that medical AI would solve or the clinical field where medical AI would be used. Furthermore, these criteria should be reflected in AI-related regulations, such as AI development guidelines and approval processes for medical devices.
Article
In recent years, significant progress has been achieved using deep neural networks (DNNs) in obtaining human-level performance on various long-standing tasks. With the increased use of DNNs in various applications, public concern over DNNs’ trustworthiness has grown. Studies conducted in the last several years have proven that deep learning models are vulnerable to small adversarial perturbations. Adversarial examples are generated from clean images by adding imperceptible perturbations. Adversarial examples are necessary for practical reasons, as they can be physically constructed, implying that DNNs are unsuitable for some image classification applications in their current state. This paper aims to provide an in-depth overview of the numerous adversarial attack strategies and defence methods. The theoretical principles, methods, and applications of adversarial attack strategies are first discussed. After that, a few research attempts on defence techniques covering the field’s broad boundary are outlined. Afterwards, this study reviews recently proposed adversarial attack methods to medical deep learning systems and defence techniques against these attacks. The vulnerability of the DL model is evaluated for different medical image modalities using an adversarial attack and defence method. Some unresolved issues and obstacles are highlighted to ignite additional research efforts in this crucial area.
Chapter
Medical image analysis with deep learning techniques has been widely recognized to provide support in medical diagnosis. Among the several attacks on deep learning (DL) models that aim to decrease the reliability of the models, this paper deals with adversarial attacks. Adversarial attacks, and the ways to defend against them or make DL models robust towards them, have been an increasingly important research topic with a surge of work carried out on both sides. The adversarial attacks of the white-box category, namely the Fast Gradient Sign Method (FGSM), the Box-constrained Limited Memory Broyden-Fletcher-Goldfarb-Shanno (L-BFGS-B) attack and a variant of the L-BFGS-B attack, are studied in this paper. In this work, we have used two defense mechanisms, namely Adversarial Training and Defensive Distillation (gradient masking). The reliability of these defense mechanisms against the attacks is studied. The effect of noise in FGSM is studied in detail. Retinal fundus images for diabetic retinopathy are used in the experimentation. The effect of the attacks reveals the vulnerability of the ResNet model to these attacks.
Article
Deep neural networks have been found to be non-robust when attacked by imperceptible adversarial examples, which is dangerous when they are applied in medical diagnostic systems that require high reliability. However, defense methods that work well on natural images may not be suitable for medical diagnostic tasks. Pre-processing methods (e.g., random resizing, compression) may lead to the loss of small-lesion features in the medical image. Retraining the network on an augmented data set is also not practical for medical models that have already been deployed online. Accordingly, it is necessary to design an easy-to-deploy and effective defense framework for medical diagnostic tasks. In this paper, we propose a Robust and Retrain-Less Diagnostic Framework for Medical pretrained models against adversarial attack (i.e., MedRDF). It acts at inference time on the pretrained medical model. Specifically, for each test image, MedRDF first creates a large number of noisy copies of it and obtains the output labels of these copies from the pretrained medical diagnostic model. Then, based on the labels of these copies, MedRDF outputs the final robust diagnostic result by majority voting. In addition to the diagnostic result, MedRDF produces the Robust Metric (RM) as the confidence of the result. Therefore, it is convenient and reliable to use MedRDF to convert pretrained non-robust diagnostic models into robust ones. The experimental results on COVID-19 and DermaMNIST datasets verify the effectiveness of our MedRDF in improving the robustness of medical diagnostic models.
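The inference-time voting scheme the MedRDF abstract describes, as an added illustration that is not the paper's own code: a constructed toy linear classifier stands in for the pretrained model, and the noise level, number of copies and RM threshold are assumptions. A low RM on an input that sits near the decision boundary (where a small perturbation flips the plain model's label) is what a deployment would route to human review.

```python
import random
from collections import Counter
from typing import Callable, List, Sequence, Tuple


def toy_pretrained_model(x: Sequence[float]) -> int:
    """Stand-in for a deployed, non-robust diagnostic model (constructed):
    a fixed 2-feature linear classifier with decision boundary x0 == x1."""
    w = (1.0, -1.0)
    score = sum(wi * xi for wi, xi in zip(w, x))
    return 1 if score > 0 else 0


def medrdf_predict(model: Callable[[Sequence[float]], int],
                   x: Sequence[float],
                   n_copies: int = 200,
                   sigma: float = 0.5,
                   seed: int = 0) -> Tuple[int, float]:
    """MedRDF-style wrapper: query the frozen model on many noisy copies of x,
    majority-vote the labels, and return (label, RM) where RM is the fraction
    of copies that agreed with the winning label. No retraining is involved."""
    rng = random.Random(seed)  # fixed seed so results are reproducible
    votes: Counter = Counter()
    for _ in range(n_copies):
        noisy = [xi + rng.gauss(0.0, sigma) for xi in x]  # assumed Gaussian noise
        votes[model(noisy)] += 1
    label, count = votes.most_common(1)[0]
    return label, count / n_copies


def is_confident(rm: float, threshold: float = 0.8) -> bool:
    """Assumed operating rule: below the RM threshold, defer to a clinician."""
    return rm >= threshold


if __name__ == "__main__":
    # Constructed inputs: one far from the boundary, one a hair's breadth past it
    # (the kind of point a small adversarial nudge produces).
    for name, x in [("clear case", (2.0, 0.0)), ("boundary case", (-0.05, 0.0))]:
        plain = toy_pretrained_model(x)
        label, rm = medrdf_predict(toy_pretrained_model, x)
        print(f"{name}: plain={plain} voted={label} RM={rm:.2f} "
              f"confident={is_confident(rm)}")
```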
Article
This paper discusses the effect of machine learning on healthcare and the development of an application named “Medicolite”, in which various modules have been developed for convenience with health-related problems such as diet issues. It also provides online doctor appointments from home and medication through the phone. A healthcare system is “Smart” when it can decide on its own and can prescribe patients life-saving drugs. Machine learning helps in capturing data that are large and contain sensitive information about the patients, so data security is one of the important aspects of this system. It is a health system that uses trending technologies and the mobile internet to connect people and healthcare institutions, making them aware of their health condition by intelligently responding to their questions. It perceives information through machine learning and processes this information using cloud computing. With the new technologies, the system decreases manual intervention in healthcare. Every single piece of information is saved in the system and the user can access it at any time. Furthermore, users can make appointments at any time without standing in a queue. In this paper, the authors propose a CNN-based classifier. This CNN-based classifier is faster than an SVM-based classifier. When these two classifiers are compared on training and testing sessions, the CNN took less time (30 seconds) than the SVM (58 seconds).