The Hidden Adversarial Vulnerabilities of Medical Federated Learning
Erfan Darzi, Florian Dubost, Nanna. M. Sijtsema, P.M.A van Ooijen

TL;DR
This paper reveals new vulnerabilities in federated medical image analysis systems, showing how adversaries can exploit gradient information to improve attack efficiency and transferability, highlighting security concerns in healthcare AI.
Contribution
It uncovers a novel attack method that leverages gradient information from prior global model updates, demonstrating that single-step attacks can be more efficient than iterative ones in federated medical settings.
Findings
Gradient-based attacks are more effective with prior global model info.
Single-step attacks outperform iterative ones in efficiency.
Highlights security risks in federated healthcare AI.
Abstract
In this paper, we delve into the susceptibility of federated medical image analysis systems to adversarial attacks. Our analysis uncovers a novel exploitation avenue: using gradient information from prior global model updates, adversaries can enhance the efficiency and transferability of their attacks. Specifically, we demonstrate that single-step attacks (e.g. FGSM), when aptly initialized, can outperform the efficiency of their iterative counterparts but with reduced computational demand. Our findings underscore the need to revisit our understanding of AI security in federated healthcare settings.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Artificial Intelligence in Healthcare and Education · Medical Imaging Techniques and Applications
