SentinelAdvMedical: toward adversarial attacks detection on medical image classification via Out-Of-Distribution strategies

Deep Learning (DL) comprehends methods to enhance medical image classification and help physicians speed up diagnosis. However, these methods present security issues and are vulnerable to adversarial attacks that result in the model's misclassification, presenting severe consequences in the medical field. The literature lacks strategies to detect such attacks and mitigate their effects on the DL models. We propose SentinelAdvMedical, a novel pipeline to detect adversarial attacks by employing controlled Out-of-Distributions (OOD) strategies to enhance the "immunity" of DL models. Towards that end, we studied the classification of Optical Coherence Tomography (OCT) images of Skin lesions with ResNet50, including the application of adversarial attacks. We then measured the Attack Success Rate (ASR), with DeepFool and Projected Gradient Descent (PGD) being the best attacks against ResNet50. DeepFool attains an ASR of 89.06%, and PGD has an ASR of 83.59%. Our findings show that MaxLogits and Entropy are the best OOD detectors for OCT and Skin Lesion datasets. They outperform the baseline Maximum Softmax Probabilities (MSP) and Mahalanobis feature-based score. To conduct this study, we developed a novel pipeline and studied the application of OOD strategies against adversarial examples, aiming to detect them and provide security specialists with a path to check possible attacked spots in medical datasets employing the best OOD detectors in these settings. (AU)