Deep learning (DL) models have demonstrated impressive performance in sensitive medical applications such as disease diagnosis. However, a backdoor attack embedded in the clean dataset without poisoning the labels poses a severe threat to the integrity of Artificial Intelligence (AI) technology. In literature, a lot of work has been done on backdoor attacks for medical applications, in which most of the authors assumed that the labels of the samples are also poisoned. This compromises the elusiveness of the backdoor attacks because poisoned samples can be identified by visual inspection by finding the mismatch between the labels of the samples. In this paper, an elusive backdoor attack is proposed, that makes the poisoned samples difficult to recognize. In the proposed approach a backdoor signal superimposed into a small portion of the clean dataset during training time is proposed. Moreover, this paper proposes a hybrid attack that further increases the Attack Success Rate (ASR). The proposed approach is evaluated over a Convolutional Neural Network (CNN)-based system for Magnetic Resonance Imaging (MRI) brain tumor classification, which demonstrated the effectiveness of the attacks, thus raising concern regarding using AI in sensitive applications.

BHAC-MRI: Backdoor and Hybrid Attacks on MRI Brain Tumor Classification Using CNN / Imran, M.; Qureshi, H. K.; Amerini, I.. - 14234:(2023), pp. 332-344. (Intervento presentato al convegno 22nd International Conference on Image Analysis and Processing, ICIAP 2023 tenutosi a Udine; Italy) [10.1007/978-3-031-43153-1_28].

BHAC-MRI: Backdoor and Hybrid Attacks on MRI Brain Tumor Classification Using CNN

Qureshi H. K.;Amerini I.
2023

Abstract

Deep learning (DL) models have demonstrated impressive performance in sensitive medical applications such as disease diagnosis. However, a backdoor attack embedded in the clean dataset without poisoning the labels poses a severe threat to the integrity of Artificial Intelligence (AI) technology. In literature, a lot of work has been done on backdoor attacks for medical applications, in which most of the authors assumed that the labels of the samples are also poisoned. This compromises the elusiveness of the backdoor attacks because poisoned samples can be identified by visual inspection by finding the mismatch between the labels of the samples. In this paper, an elusive backdoor attack is proposed, that makes the poisoned samples difficult to recognize. In the proposed approach a backdoor signal superimposed into a small portion of the clean dataset during training time is proposed. Moreover, this paper proposes a hybrid attack that further increases the Attack Success Rate (ASR). The proposed approach is evaluated over a Convolutional Neural Network (CNN)-based system for Magnetic Resonance Imaging (MRI) brain tumor classification, which demonstrated the effectiveness of the attacks, thus raising concern regarding using AI in sensitive applications.
2023
22nd International Conference on Image Analysis and Processing, ICIAP 2023
adversarial attack; backdoor attack; deep learning; attack success rate
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
BHAC-MRI: Backdoor and Hybrid Attacks on MRI Brain Tumor Classification Using CNN / Imran, M.; Qureshi, H. K.; Amerini, I.. - 14234:(2023), pp. 332-344. (Intervento presentato al convegno 22nd International Conference on Image Analysis and Processing, ICIAP 2023 tenutosi a Udine; Italy) [10.1007/978-3-031-43153-1_28].
File allegati a questo prodotto
File Dimensione Formato  
Imran_BHAC-MRI_2023.pdf

solo gestori archivio

Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 1.65 MB
Formato Adobe PDF
1.65 MB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1693707
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 0
  • ???jsp.display-item.citation.isi??? 0
social impact