

SentinelAdvMedical: toward adversarial attacks detection on medical image classification via Out-Of-Distribution strategies

Author(s):
de Aguiar, Erikson J. ; Traina, Agma J. M. ; Helal, Sumi
Total number of authors: 3
Document type: Scientific article
Source: MEDICAL IMAGING 2025: COMPUTER-AIDED DIAGNOSIS; v. 13407, p. 7-pg., 2025-01-01.
Abstract

Deep Learning (DL) comprises methods to enhance medical image classification and help physicians speed up diagnosis. However, these methods present security issues and are vulnerable to adversarial attacks that result in the model's misclassification, presenting severe consequences in the medical field. The literature lacks strategies to detect such attacks and mitigate their effects on the DL models. We propose SentinelAdvMedical, a novel pipeline to detect adversarial attacks by employing controlled Out-of-Distribution (OOD) strategies to enhance the "immunity" of DL models. Towards that end, we studied the classification of Optical Coherence Tomography (OCT) images of Skin lesions with ResNet50, including the application of adversarial attacks. We then measured the Attack Success Rate (ASR), with DeepFool and Projected Gradient Descent (PGD) being the best attacks against ResNet50. DeepFool attains an ASR of 89.06%, and PGD has an ASR of 83.59%. Our findings show that MaxLogits and Entropy are the best OOD detectors for OCT and Skin Lesion datasets. They outperform the baseline Maximum Softmax Probabilities (MSP) and Mahalanobis feature-based score. To conduct this study, we developed a novel pipeline and studied the application of OOD strategies against adversarial examples, aiming to detect them and provide security specialists with a path to check possible attacked spots in medical datasets employing the best OOD detectors in these settings. (AU)

FAPESP grant: 21/08982-3 - Security and privacy in machine learning models for medical images against adversarial attacks
Grantee: Erikson Júlio de Aguiar
Support type: Scholarships in Brazil - Doctorate
FAPESP grant: 23/18026-8 - Data Science Center for Public Statistics (CCDEP)
Grantee: Carlos Eduardo Torres Freire
Support type: Research Grants - Science Centers for Development
FAPESP grant: 16/17078-0 - Mining, indexing and visualization of Big Data in the context of clinical decision support systems (MIVisBD)
Grantee: Agma Juci Machado Traina
Support type: Research Grants - Thematic
FAPESP grant: 23/14759-0 - Privacy preservation and backdoor defense: toward federated learning in medical contexts
Grantee: Erikson Júlio de Aguiar
Support type: Scholarships abroad - Research Internship - Doctorate
FAPESP grant: 24/13328-9 - Intelligent Management of Multimodal Health Data for Decision Making in Big Data Scenarios - IHealth-MD
Grantee: Agma Juci Machado Traina
Support type: Research Grants - Thematic