Evaluation of the impact of physical adversarial attacks on deep learning models for classifying covid cases

Scopus citations
2
Production type
conferenceObject
Publication date
2022
Publisher
SPIE-INT SOC OPTICAL ENGINEERING
Authors
AGUIAR, Erikson J. de
MARCOMINI, Karem D.
QUIRINO, Felipe A.
TRAINA JR., Caetano
TRAINA, Agma J. M.
Citation
MEDICAL IMAGING 2022: COMPUTER-AIDED DIAGNOSIS, v.12033, article ID 120332P, 7p, 2022
Abstract
The SARS-CoV-2 (COVID-19) disease rapidly spread worldwide, thus increasing the need to create new strategies to fight it. Several researchers in different fields have attempted to develop methods to identify it early and mitigate its effects. Deep Learning (DL) approaches, such as Convolutional Neural Networks (CNNs), have been increasingly used in COVID-19 diagnoses. These models are intended to support decision-making and are doing well at detecting patient status early. Although DL models have good accuracy to support diagnosis, they are vulnerable to Adversarial Attacks. These attacks are new methods that bias DL models by adding small perturbations to the original image. This paper investigates the impact of Adversarial Attacks on DL models for classifying X-ray images of COVID-19 cases. We focused on the Fast Gradient Sign Method (FGSM) attack, which aims to add perturbations to the testing images by combining them with a perturbation matrix, producing a crafted image. We conducted the experiments by analyzing the models' performance both attack-free and under attack. The following CNN models were selected: DenseNet201, ResNet-50V2, MobileNetV2, NasNet and VGG16. In the attack-free environment, we reach precision around 99%. When the attack is added, our results reveal that all models suffer from performance reduction, and the most affected was MobileNet, whose performance fell from 98.61% to 67.73%. However, the VGG16 network proved to be the least affected by the attacks. Our findings show that DL models for COVID-19 are vulnerable to Adversarial Examples. The FGSM was capable of fooling the model, resulting in a significant reduction in the DL performance.
Keywords
Adversarial attacks, deep neural networks, COVID-19, Fast Gradient Sign Method