One-Pixel Attack Deceives Computer-Assisted Diagnosis of Cancer

TL;DR

This paper demonstrates that a single-pixel modification in digital pathology images can deceive automated cancer diagnosis systems, highlighting a significant cybersecurity vulnerability in medical AI applications.

Contribution

It presents the first real-world demonstration of one-pixel adversarial attacks on a pathology dataset, exposing security risks in automated cancer diagnosis.

Findings

A one-pixel change can reverse diagnosis results

Adversarial examples are generated using differential evolution

The attack demonstrates a cybersecurity threat in medical AI

Abstract

Computer vision and machine learning can be used to automate various tasks in cancer diagnostic and detection. If an attacker can manipulate the automated processing, the results can be devastating and in the worst case lead to wrong diagnosis and treatment. In this research, the goal is to demonstrate the use of one-pixel attacks in a real-life scenario with a real pathology dataset, TUPAC16, which consists of digitized whole-slide images. We attack against the IBM CODAIT's MAX breast cancer detector using adversarial images. These adversarial examples are found using differential evolution to perform the one-pixel modification to the images in the dataset. The results indicate that a minor one-pixel modification of a whole slide image under analysis can affect the diagnosis by reversing the automatic diagnosis result. The attack poses a threat from the cyber security perspective: the one-pixel method can be used as an attack vector by a motivated attacker.