TL;DR
This paper evaluates the vulnerability of deep diagnostic models to adversarial attacks, demonstrating their fragility and proposing defense strategies to enhance robustness in medical image classification.
Contribution
It introduces a comprehensive adversarial attack evaluation on diagnostic models and proposes two novel defense methods to improve their robustness against such attacks.
Findings
Models are highly vulnerable to adversarial examples.
Defense methods significantly improve model robustness.
Analysis of attack impacts on features and label correlation.
Abstract
Deep learning models (with neural networks) have been widely used in challenging tasks such as computer-aided disease diagnosis based on medical images. Recent studies have shown deep diagnostic models may not be robust in the inference process and may pose severe security concerns in clinical practice. Among all the factors that make the model not robust, the most serious one is adversarial examples. The so-called "adversarial example" is a well-designed perturbation that is not easily perceived by humans but results in a false output of deep diagnostic models with high confidence. In this paper, we evaluate the robustness of deep diagnostic models by adversarial attack. Specifically, we have performed two types of adversarial attacks on three deep diagnostic models in both single-label and multi-label classification tasks, and found that these models are not reliable when attacked by…
