FIMBA: Evaluating the Robustness of AI in Genomics via Feature Importance Adversarial Attacks
Heorhii Skovorodnikov, Hoda Alkhzaimi
TL;DR
The paper addresses the robustness of AI models in genomics by introducing FIMBA, a black-box, feature-importance–driven adversarial framework that can mislead gene-expression classifiers. It combines SHAP-based feature selection with interpolation-based perturbations and a VAE-driven data generation pipeline to produce poisoned samples, evaluated across cancer (TCGA/TARGET/GTEx) and COVID-19 datasets, and assessed with spectral analysis to gauge detectability. Key contributions include demonstrating black-box attacks on genomic data, comparing against classical attacks, and introducing a generative poisoning strategy that speeds synthetic data creation. The work highlights serious security risks for open genomics pipelines and outlines defense directions—vulnerability mapping, adversarial training, and detector development—to improve practical robustness in genomic AI applications.
Abstract
With the steady rise of the use of AI in bio-technical applications and the widespread adoption of genomics sequencing, an increasing number of AI-based algorithms and tools are entering the research and production stage, affecting critical decision-making streams like drug discovery and clinical outcomes. This paper demonstrates the vulnerability of AI models often utilized in downstream tasks on recognized public genomics datasets. We undermine model robustness by deploying an attack that focuses on input transformation while mimicking the real data and confusing the model decision-making, ultimately yielding a pronounced deterioration in model performance. Further, we enhance our approach by generating poisoned data using a variational autoencoder-based model. Our empirical findings unequivocally demonstrate a decline in model performance, underscored by diminished accuracy and an upswing in false positives and false negatives. Furthermore, we analyze the resulting adversarial samples via spectral analysis, yielding conclusions for countermeasures against such attacks.
