Deep learning (DL) models have demonstrated impressive performance in sensitive medical applications such as disease diagnosis. However, a backdoor attack embedded in the clean dataset without poisoning the labels poses a severe threat to the integrity of Artificial Intelligence (AI) technology. In literature, a lot of work has been done on backdoor attacks for medical applications, in which most of the authors assumed that the labels of the samples are also poisoned. This compromises the elusiveness of the backdoor attacks because poisoned samples can be identified by visual inspection by finding the mismatch between the labels of the samples. In this paper, an elusive backdoor attack is proposed, that makes the poisoned samples difficult to recognize. In the proposed approach a backdoor signal superimposed into a small portion of the clean dataset during training time is proposed. Moreover, this paper proposes a hybrid attack that further increases the Attack Success Rate (ASR). The proposed approach is evaluated over a Convolutional Neural Network (CNN)-based system for Magnetic Resonance Imaging (MRI) brain tumor classification, which demonstrated the effectiveness of the attacks, thus raising concern regarding using AI in sensitive applications.
BHAC-MRI: Backdoor and Hybrid Attacks on MRI Brain Tumor Classification Using CNN / Imran, M.; Qureshi, H. K.; Amerini, I.. - 14234:(2023), pp. 332-344. (Intervento presentato al convegno 22nd International Conference on Image Analysis and Processing, ICIAP 2023 tenutosi a Udine; Italy) [10.1007/978-3-031-43153-1_28].
BHAC-MRI: Backdoor and Hybrid Attacks on MRI Brain Tumor Classification Using CNN
Qureshi H. K.;Amerini I.
2023
Abstract
Deep learning (DL) models have demonstrated impressive performance in sensitive medical applications such as disease diagnosis. However, a backdoor attack embedded in the clean dataset without poisoning the labels poses a severe threat to the integrity of Artificial Intelligence (AI) technology. In literature, a lot of work has been done on backdoor attacks for medical applications, in which most of the authors assumed that the labels of the samples are also poisoned. This compromises the elusiveness of the backdoor attacks because poisoned samples can be identified by visual inspection by finding the mismatch between the labels of the samples. In this paper, an elusive backdoor attack is proposed, that makes the poisoned samples difficult to recognize. In the proposed approach a backdoor signal superimposed into a small portion of the clean dataset during training time is proposed. Moreover, this paper proposes a hybrid attack that further increases the Attack Success Rate (ASR). The proposed approach is evaluated over a Convolutional Neural Network (CNN)-based system for Magnetic Resonance Imaging (MRI) brain tumor classification, which demonstrated the effectiveness of the attacks, thus raising concern regarding using AI in sensitive applications.| File | Dimensione | Formato | |
|---|---|---|---|
|
Imran_BHAC-MRI_2023.pdf
solo gestori archivio
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Tutti i diritti riservati (All rights reserved)
Dimensione
1.65 MB
Formato
Adobe PDF
|
1.65 MB | Adobe PDF | Contatta l'autore |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
