Mitigating adversarial evasion attacks by deep active learning for medical image classification
Pages 41899 - 41910
Abstract
In the Internet of Medical Things (IoMT), collaboration among institutes can help complex medical and clinical analysis of disease. Deep neural networks (DNN) require training models on large, diverse patients to achieve expert clinician-level performance. Clinical studies do not contain diverse patient populations for analysis due to limited availability and scale. DNN models trained on limited datasets are thereby constraining their clinical performance upon deployment at a new hospital. Therefore, there is significant value in increasing the availability of diverse training data. This research proposes institutional data collaboration alongside an adversarial evasion method to keep the data secure. The model uses a federated learning approach to share model weights and gradients. The local model first studies the unlabeled samples classifying them as adversarial or normal. The method then uses a centroid-based clustering technique to cluster the sample images. After that, the model predicts the output of the selected images, and active learning methods are implemented to choose the sub-sample of the human annotation task. The expert within the domain takes the input and confidence score and validates the samples for the model’s training. The model re-trains on the new samples and sends the updated weights across the network for collaboration purposes. We use the InceptionV3 and VGG16 model under fabricated inputs for simulating Fast Gradient Signed Method (FGSM) attacks. The model was able to evade attacks and achieve a high accuracy rating of 95%.
References
[1]
Ahmed U, Lin JCW, Srivastava G (2021) Privacy-preserving deep reinforcement learning in vehicle adhoc networks. IEEE Consum Electron Mag
[2]
Aldape K et al. Glioma through the looking GLASS: molecular evolution of diffuse gliomas and the glioma longitudinal analysis consortium Neuro-Oncol 2018 20 7 873-884
[3]
Amich A, Eshete B (2021) Explanation-guided diagnosis of machine learning evasion attacks. arXiv:2106.15820
[4]
Bai X, Yan C, Yang H, Bai L, Zhou J, and Hancock ER Adaptive hash retrieval with kernel based similarity Pattern Recogn 2018 75 136-148
[5]
Bonawitz K, Eichner H, Grieskamp W, Huba D, Ingerman A, Ivanov V, Kiddon C, Konečnỳ J, Mazzocchi S, McMahan HB et al (2019) Towards federated learning at scale: System design. arXiv:1902.01046
[6]
Borovec J et al. ANHIR: Automatic Non-rigid histological image registration challenge IEEE Trans Med Imaging 2020 39 10 3042-3052
[7]
Chang K, Balachandar N, Lam C, Yi D, Brown J, Beers A, Rosen B, Rubin DL, and Kalpathy-Cramer J Distributed deep learning networks among institutions for medical imaging J Am Med Inform Assoc 2018 25 8 945-954
[8]
Chen M, Qian Y, Chen J, Hwang K, Mao S, and Hu L Privacy protection and intrusion avoidance for cloudlet-based medical data sharing IEEE Trans Cloud Comput 2020 8 4 1274-1283
[9]
Cheng Y, Lu F, Zhang X (2018) Appearance-based gaze estimation via evaluation-guided asymmetric regression. In: Computer vision. Springer, pp 105–121
[10]
Davatzikos C et al. AI-Based prognostic imaging biomarkers for precision neuro-oncology: the reSPOND consortium Neuro-Oncol 2020 22 6 886-888
[11]
Deng J, Dong W, Socher R, Li L, Li K, Li FF (2009) Imagenet: a large-scale hierarchical image database. In: IEEE Conference on computer vision and pattern recognition, pp 248–255
[12]
Ding X, Zhang S, Song M, Ding X, and Li F Toward invisible adversarial examples against DNN-based privacy leakage for internet of things Internet Things J 2021 8 2 802-812
[13]
Esteva A, Kuprel B, Novoa RA, Ko J, Swetter SM, Blau HM, and Thrun S Dermatologist-level classification of skin cancer with deep neural networks Nature 2017 542 7639 115-118
[14]
Eykholt K, Evtimov I, Fernandes E, Li B, Rahmati A, Xiao C, Prakash A, Kohno T, Song D (2018) Robust physical-world attacks on deep learning visual classification. In: Conference on computer vision and pattern recognition
[15]
Finlayson SG, Bowers JD, Ito J, Zittrain JL, Beam AL, and Kohane IS Adversarial attacks on medical machine learning Science 2019 363 6433 1287-1289
[16]
Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. In: International conference on learning representations
[17]
Kermany DS et al. Identifying medical diagnoses and treatable diseases by image-based deep learning Cell 2018 172 5 1122-1131.e9
[18]
Lin JCW, Shao Y, Zhou Y, Pirouz M, and Chen HC A bi-lstm mention hypergraph model with encoding schema for mention extraction Eng Appl Artif Intell 2019 85 175-181
[19]
Lin JCW, Shao Y, Djenouri Y, and Yun U Asrnn: a recurrent neural network with an attention model for sequence labeling Knowl-Based Syst 2021 212 106548
[20]
Lyu Z, Wang Z, Luo F, Shuai J, and Huang Y Protein secondary structure prediction with a reductive deep learning method Front Bioeng Biotechno 2021 9 687426
[21]
Maarouf R, Sattar D, Matrawy A (2021) Evaluating resilience of encrypted traffic classification against adversarial evasion attacks. arXiv:2105.14564
[22]
McMahan B, Moore E, Ramage D, Hampson S, Arcas BA (2017) Communication-efficient learning of deep networks from decentralized data. In: Artificial intelligence and statistics, pp 1273–1282
[23]
Niu Y, Gu L, Lu F, Lv F, Wang Z, Sato I, Zhang Z, Xiao Y, Dai X, and Cheng T Pathological evidence exploration in deep retinal image diagnosis AAAI Conf Artif Intell 2019 33 1093-1101
[24]
Paschali M, Conjeti S, Navarro F, Navab N (2018) Generalizability vs. robustness: Investigating medical imaging networks using adversarial examples. In: Medical image computing and computer assisted intervention, pp 493–501
[25]
Paranjape JN, Dubey RK, Gopalan VV (2020) Exploring the role of input and output layers of a deep neural network in adversarial defense. In: International conference on computing and data science, pp 114–118
[26]
Pien HH, Fischman AJ, Thrall JH, and Sorensen A Using imaging biomarkers to accelerate drug development and clinical trials Drug Discov Today 2005 10 4 259-266
[27]
Ravi V, Alazab M, Srinivasan S, Arunachalam A, Soman KP (2021) Adversarial defense: DGA-based botnets and DNS homographs detection through integrated deep learning. IEEE Trans Eng Manag
[28]
Roth HR, Lu O (2015) Deeporgan: Multi-level deep convolutional networks for automated pancreas segmentation. In: International conference on medical image computing and computer-assisted intervention. Springer, pp 556–564
[29]
Roth HR, Chang K, Singh P, Neumark N, Li W, Gupta V, Gupta S, Qu L, Ihsani A, Bizzo BC et al (2020) Federated learning for breast density classification: a real-world implementation. In: Domain adaptation and representation transfer, and distributed and collaborative learning, pp 181–191
[30]
Sheller MJ et al. Federated learning in medicine: facilitating multi-institutional collaborations without sharing patient data Scient Rep 2020 10 1 12598
[31]
Simonyan K, Zisserman A (2014) Very deep convolutional networks for large-scale image recognition. arXiv:1409.1556
[32]
Stapor K, Ksieniewicz P, García S, and Woźniak M How to design the fair experimental classifier evaluation Appl Soft Comput 2021 104 107-219
[33]
Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2013) Intriguing properties of neural networks. arXiv:1312.6199
[34]
Szegedy C, Liu W, Jia Y, Sermanet P, Reed S, Anguelov D, Erhan D, Vanhoucke V, Rabinovich A (2015) Going deeper with convolutions. In: IEEE conference on computer vision and pattern recognition, pp 1–9
[35]
Wang Z, Cai B (2021) COVID-19 Cases prediction in multiple areas via shapelet learning. Appl Intell 1–12
[36]
Wang C, Bai X, Wang S, Zhou J, and Ren P Multiscale visual attention networks for object detection in VHR remote sensing images IEEE Geosci Remote Sens Lett 2019 16 2 310-314
[37]
Yu Z, Zhou Y, Zhang W (2020) How can we deal with adversarial examples?. In: International conference on advanced computational intelligence, pp 628–634
[38]
Zech JR, Badgeley MA, Liu M, Costa AB, Titano JJ, and Oermann EK Variable generalization performance of a deep learning model to detect pneumonia in chest radiographs: A cross-sectional study PLOS Med 2018 15 11 e1002683
Index Terms
- Mitigating adversarial evasion attacks by deep active learning for medical image classification
Index terms have been assigned to the content through auto-classification.
Recommendations
Adversarial examples: attacks and defences on medical deep learning systems
AbstractIn recent years, significant progress has been achieved using deep neural networks (DNNs) in obtaining human-level performance on various long-standing tasks. With the increased use of DNNs in various applications, public concern over DNNs’ ...
A hybrid adversarial training for deep learning model and denoising network resistant to adversarial examples
AbstractDeep neural networks (DNNs) are vulnerable to adversarial attacks that generate adversarial examples by adding small perturbations to the clean images. To combat adversarial attacks, the two main defense methods used are denoising and adversarial ...
Enhancing Robustness of Malware Detection Model Against White Box Adversarial Attacks
Distributed Computing and Intelligent TechnologyAbstractDeep Neural Networks(DNNs) have made remarkable breakthroughs in several fields such as computer vision, autonomous vehicles etc. Due to its adaptability to malware evolution, security analysts heavily utilise end-to-end DNNs in malware detection ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
© The Author(s) 2021.
Publisher
Kluwer Academic Publishers
United States
Publication History
Published: 01 December 2022
Accepted: 19 August 2021
Revision received: 27 July 2021
Received: 19 December 2020
Author Tags
Qualifiers
- Research-article
Funding Sources
- Western Norway University Of Applied Sciences
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 30 Dec 2024