Robust convolutional neural networks against adversarial attacks on medical images. (December 2022)
- Record Type:
- Journal Article
- Title:
- Robust convolutional neural networks against adversarial attacks on medical images. (December 2022)
- Main Title:
- Robust convolutional neural networks against adversarial attacks on medical images
- Authors:
- Shi, Xiaoshuang
Peng, Yifan
Chen, Qingyu
Keenan, Tiarnan
Thavikulwat, Alisa T.
Lee, Sungwon
Tang, Yuxing
Chew, Emily Y.
Summers, Ronald M.
Lu, Zhiyong - Abstract:
- Highlights: We quantify the scale of adversarial perturbations imperceptible to clinicians. Noise might cause CNNs' vulnerability to adversarial medical images. We propose sparsity denoising operators for boosting CNNs' robustness. Abstract: Convolutional neural networks (CNNs) have been widely applied to medical images. However, medical images are vulnerable to adversarial attacks by perturbations that are undetectable to human experts. This poses significant security risks and challenges to CNN-based applications in clinic practice. In this work, we quantify the scale of adversarial perturbation imperceptible to clinical practitioners and investigate the cause of the vulnerability in CNNs. Specifically, we discover that noise (i.e., irrelevant or corrupted discriminative information) in medical images might be a key contributor to performance deterioration of CNNs against adversarial perturbations, as noisy features are learned unconsciously by CNNs in feature representations and magnified by adversarial perturbations. In response, we propose a novel defense method by embedding sparsity denoising operators in CNNs for improved robustness. Tested with various state-of-the-art attacking methods on two distinct medical image modalities, we demonstrate that the proposed method can successfully defend against those unnoticeable adversarial attacks by retaining as much as over 90% of its original performance. We believe our findings are critical for improving and deployingHighlights: We quantify the scale of adversarial perturbations imperceptible to clinicians. Noise might cause CNNs' vulnerability to adversarial medical images. We propose sparsity denoising operators for boosting CNNs' robustness. Abstract: Convolutional neural networks (CNNs) have been widely applied to medical images. However, medical images are vulnerable to adversarial attacks by perturbations that are undetectable to human experts. This poses significant security risks and challenges to CNN-based applications in clinic practice. In this work, we quantify the scale of adversarial perturbation imperceptible to clinical practitioners and investigate the cause of the vulnerability in CNNs. Specifically, we discover that noise (i.e., irrelevant or corrupted discriminative information) in medical images might be a key contributor to performance deterioration of CNNs against adversarial perturbations, as noisy features are learned unconsciously by CNNs in feature representations and magnified by adversarial perturbations. In response, we propose a novel defense method by embedding sparsity denoising operators in CNNs for improved robustness. Tested with various state-of-the-art attacking methods on two distinct medical image modalities, we demonstrate that the proposed method can successfully defend against those unnoticeable adversarial attacks by retaining as much as over 90% of its original performance. We believe our findings are critical for improving and deploying CNN-based medical applications in real-world scenarios. … (more)
- Is Part Of:
- Pattern recognition. Volume 132(2022)
- Journal:
- Pattern recognition
- Issue:
- Volume 132(2022)
- Issue Display:
- Volume 132, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 132
- Issue:
- 2022
- Issue Sort Value:
- 2022-0132-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-12
- Subjects:
- CNNs -- Adversarial examples -- Sparsity denoising
Pattern perception -- Periodicals
Perception des structures -- Périodiques
Patroonherkenning
006.4 - Journal URLs:
- http://www.sciencedirect.com/science/journal/00313203 ↗
http://www.sciencedirect.com/ ↗ - DOI:
- 10.1016/j.patcog.2022.108923 ↗
- Languages:
- English
- ISSNs:
- 0031-3203
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 23281.xml