Securing the Diagnosis of Medical Imaging: An In-depth Analysis of AI-Resistant Attacks

Md Abdullah Al Nasim, Parag Biswas, Abdur Rashid, Kishor Datta Gupta, Roy George, Sovon Chakraborty, Khalil Shujaee

TL;DR

This paper tackles the security of medical imaging AI by surveying adversarial attacks and defenses in medical image analysis. It categorizes attack types (evasion vs poisoning) in both white-box and black-box settings and reviews how DNNs in medical contexts can be misled by small perturbations. The authors synthesize defense strategies, including adversarial training, detection, image-level preprocessing, feature augmentation, and knowledge distillation, and evaluate frameworks like SSAT and UAD across multiple datasets. The work highlights the practical importance of robust medical AI for safe clinical decision-making and advocates for continued development of rigorous evaluation protocols and defense mechanisms.

Abstract

Machine learning (ML) is a rapidly developing area of medicine that uses significant resources to apply computer science and statistics to medical issues. ML's proponents laud its capacity to handle vast, complicated, and erratic medical data. It is well known that attackers might cause misclassification by deliberately crafting inputs for machine learning classifiers. Adversarial examples have been studied extensively in computer vision applications. Healthcare systems are considered especially challenging because of the security and life-or-death considerations they involve, and performance accuracy is very important. Recent arguments have suggested that adversarial attacks could be mounted against medical image analysis (MedIA) technologies because of the accompanying technology infrastructure and powerful financial incentives. Since the diagnosis will be the basis for important decisions, it is essential to assess how robust medical DNN tasks are against adversarial attacks. Several earlier studies have considered simple adversarial attacks. However, DNNs are susceptible to more risky and realistic attacks. The present paper covers recently proposed adversarial attack strategies against DNNs for medical imaging as well as countermeasures. In this study, we review current techniques for adversarial imaging attacks and detections. It also encompasses various facets of these techniques and offers suggestions for improving the robustness of neural networks in the future.

Paper Structure (17 sections, 8 figures)

Figures (8)

  • Figure 1: The attack of Biggio's SVM classifier for letter recognition. xu2020adversarial
  • Figure 2: Adversarial examples crafted with Projected Gradient Descent (PGD) to deceive DNNs trained on medical image datasets: fundoscopy graham2015kaggle (first row, DR = diabetic retinopathy), chest x-ray wang2017hospital, and dermoscopy jones2019dermoscopy (third row). Normal images are on the left, adversarial perturbations in the middle, and adversarial images on the right. The predicted class is indicated by the bottom-left tag, and green or red denotes accurate or inaccurate predictions ma2021understanding.
  • Figure 3: Clean image, bias field noise, and diagnosis following application of bias field noise are shown in (a), (b), and (c), respectively tian2021bias.
  • Figure 4: Medical adversarial examples with predictions for a range of perturbation sizes. For visualization, the created segmentation masks are placed on top of the source photos dong2023adversarial.
  • Figure 5: An outline of our study's methodology. li2021defending
  • ...and 3 more figures