Skip to main content
SpringerLink
Log in

Detecting One-Pixel Attacks Using Variational Autoencoders

  • Conference paper
  • First Online:
Information Systems and Technologies (WorldCIST 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 468))

Included in the following conference series:

Abstract

In the field of medical imaging, artificial intelligence solutions are used for diagnosis, prediction and treatment processes. Such solutions are vulnerable to cyberattacks, especially adversarial attacks targeted at machine learning algorithms. One-pixel attack is an adversarial method against image classification algorithms based on neural networks. In this study, we show that a variational autoencoder can be used to detect such attacks in the context of medical imaging. We use adversarial one-pixel images generated from the TUPAC16 dataset and apply the variational autoencoder as a filter before letting the images pass to the classifier. The results indicate that the variational autoencoder model efficiently detects one-pixel attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 229.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 299.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. IBM code model asset exchange: Breast cancer mitosis detector (2019). https://github.com/IBM/MAX-Breast-Cancer-Mitosis-Detector

  2. Alatalo, J., Korpihalkola, J., Sipola, T., Kokkonen, T.: Chromatic and spatial analysis of one-pixel attacks against an image classifier (2021). arXiv:2105.13771 [cs.CV]

  3. Apostolidis, K.D., Papakostas, G.A.: A survey on adversarial deep learning robustness in medical image analysis. Electronics 10(17), 2132 (2021). https://doi.org/10.3390/electronics10172132

    Article  Google Scholar 

  4. Asperti, A., Trentin, M.: Balancing reconstruction error and Kullback-Leibler divergence in variational autoencoders. IEEE Access 8, 199,440–199,448 (2020). https://doi.org/10.1109/ACCESS.2020.3034828

  5. Beggel, L., Pfeiffer, M., Bischl, B.: Robust anomaly detection in images using adversarial autoencoders (2019)

    Google Scholar 

  6. Cai, F., Li, J., Koutsoukos, X.: Detecting adversarial examples in learning-enabled cyber-physical systems using variational autoencoder for regression. In: 2020 IEEE Security and Privacy Workshops (SPW), pp. 208–214 (2020). https://doi.org/10.1109/SPW50608.2020.00050

  7. Cheng, S.: BCCD dataset (2018). https://github.com/Shenggan/BCCD_Dataset

  8. Chiang, P.H., Chan, C.S., Wu, S.H.: Adversarial pixel masking: a defense against physical attacks for pre-trained object detectors. In: Proceedings of the 29th ACM International Conference on Multimedia, MM 2021, pp. 1856–1865. Association for Computing Machinery, New York, NY, USA (2021). https://doi.org/10.1145/3474085.3475338

  9. Dusenberry, M., Hu, F.: Deep learning for breast cancer mitosis detection (2018)

    Google Scholar 

  10. Endsley, M.: Toward a theory of situation awareness in dynamic systems. Hum. Factors 37(1), 32–64 (1995). https://doi.org/10.1518/001872095779049543

    Article  Google Scholar 

  11. Finlayson, S.G., Bowers, J.D., Ito, J., Zittrain, J.L., Beam, A.L., Kohane, I.S.: Adversarial attacks on medical machine learning. Science 363(6433), 1287–1289 (2019)

    Article  Google Scholar 

  12. Ghosh, S.: Cats faces 64 \(\times \) 64 (for generative models) (2018). https://www.kaggle.com/spandan2/cats-faces-64x64-for-generative-models

  13. Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press, Cambridge (2016). http://www.deeplearningbook.org

  14. Kingma, D.P., Welling, M.: Auto-encoding variational Bayes (2014)

    Google Scholar 

  15. Korpihalkola, J., Sipola, T., Kokkonen, T.: Color-optimized one-pixel attack against digital pathology images. In: Balandin, S., Koucheryavy, Y., Tyutina, T. (eds.) 2021 29th Conference of Open Innovations Association (FRUCT), vol. 29, pp. 206–213. IEEE (2021). https://doi.org/10.23919/FRUCT52173.2021.9435562

  16. Korpihalkola, J., Sipola, T., Puuska, S., Kokkonen, T.: One-pixel attack deceives computer-assisted diagnosis of cancer. In: Proceedings of the 4th International Conference on Signal Processing and Machine Learning (SPML 2021), 18–20 August 2021, Beijing, China. ACM, New York, USA (2021). https://doi.org/10.1145/3483207.3483224

  17. Li, X., Zhu, D.: Robust detection of adversarial attacks on medical images. In: 2020 IEEE 17th International Symposium on Biomedical Imaging (ISBI), pp. 1154–1158 (2020). https://doi.org/10.1109/ISBI45749.2020.9098628

  18. Mazlan, A.U., Sahabudin, N.A.B., Remli, M.A., Ismail, N.S.N., Mohamad, M.S., Warif, N.B.A.: Supervised and unsupervised machine learning for cancer classification: recent development. In: 2021 IEEE International Conference on Automatic Control Intelligent Systems (I2CACIS), pp. 392–395 (2021). https://doi.org/10.1109/I2CACIS52118.2021.9495888

  19. van der Meulen, R.: Build Adaptive Security Architecture into Your Organization (2017). https://www.gartner.com/smarterwithgartner/build-adaptive-security-architecture-into-your-organization/. Accessed 3 Apr 2020

  20. Nayyar, S.: Why healthcare could face unprecedented cyber threats in 2021 (2021). https://www.forbes.com/sites/forbestechcouncil/2021/03/17/why-healthcare-could-face-unprecedented-cyber-threats-in-2021/

  21. Nguyen-Son, H.Q., Thao, T.P., Hidano, S., Bracamonte, V., Kiyomoto, S., Yamaguchi, R.S.: OPA2D: one-pixel attack, detection, and defense in deep neural networks. In: 2021 International Joint Conference on Neural Networks (IJCNN), pp. 1–10 (2021). https://doi.org/10.1109/IJCNN52387.2021.9534332

  22. Rafi, T.H., Shubair, R.M., Farhan, F., Hoque, M.Z., Quayyum, F.M.: Recent advances in computer-aided medical diagnosis using machine learning algorithms with optimization techniques. IEEE Access 9, 137,847–137,868 (2021). https://doi.org/10.1109/ACCESS.2021.3108892

  23. Rogova, G.L., Ilin, R.: Reasoning and decision making under uncertainty and risk for situation management. In: 2019 IEEE Conference on Cognitive and Computational Aspects of Situation Management (CogSIMA), pp. 34–42 (2019). https://doi.org/10.1109/COGSIMA.2019.8724330

  24. Sipola, T., Kokkonen, T.: One-pixel attacks against medical imaging: a conceptual framework. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Ramalho Correia, A.M. (eds.) WorldCIST 2021. AISC, vol. 1365, pp. 197–203. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72657-7_19

    Chapter  Google Scholar 

  25. Sipola, T., Puuska, S., Kokkonen, T.: Model fooling attacks against medical imaging: a short survey. Inf. Secur. Int. J. 46(2), 215–224 (2020). https://doi.org/10.11610/isij.4615

  26. Strachna, O., Asan, O.: Systems thinking approach to an artificial intelligence reality within healthcare: from hype to value. In: 2021 IEEE International Symposium on Systems Engineering (ISSE), pp. 1–8 (2021). https://doi.org/10.1109/ISSE51541.2021.9582546

  27. Su, J., Vargas, D.V., Sakurai, K.: Attacking convolutional neural network using differential evolution. IPSJ Trans. Comput. Vis. Appl. 11(1), 1–16 (2019)

    Article  Google Scholar 

  28. Su, J., Vargas, D.V., Sakurai, K.: One pixel attack for fooling deep neural networks. IEEE Trans. Evol. Comput. 23(5), 828–841 (2019). https://doi.org/10.1109/TEVC.2019.2890858

    Article  Google Scholar 

  29. Tang, X.: The role of artificial intelligence in medical imaging research. BJR Open 2(1), 20190,031–20190,031 (2019). https://doi.org/10.1259/bjro.20190031, https://pubmed.ncbi.nlm.nih.gov/33178962

  30. Tong, L., et al.: Adversarial sample detection framework based on autoencoder. In: 2020 International Conference on Big Data Artificial Intelligence Software Engineering (ICBASE), pp. 241–245 (2020). https://doi.org/10.1109/ICBASE51474.2020.00058

  31. Veta, M., et al.: Predicting breast tumor proliferation from whole-slide images: the TUPAC16 challenge. Med. Image Anal. 54, 111–121 (2019). https://doi.org/10.1016/j.media.2019.02.012

    Article  Google Scholar 

  32. Wang, P., Cai, Z., Kim, D., Li, W.: Detection mechanisms of one-pixel attack. Wirel. Commun. Mobile Comput. 2021, 8891,204 (2021). https://doi.org/10.1155/2021/8891204

  33. Wlodarczak, P.: Machine Learning and its Applications. CRC Press, Boca Raton, London, New York (2019)

    Book  Google Scholar 

  34. Xu, G., Zong, Y., Yang, Z.: Applied Data Mining. CRC Press, Boca Raton, London, New York (2013)

    Book  Google Scholar 

  35. Xu, H., et al.: Adversarial attacks and defenses in images, graphs and text: a review. Int. J. Autom. Comput. 17(2), 151–178 (2020). https://doi.org/10.1007/s11633-019-1211-x

    Article  Google Scholar 

Download references

Acknowledgments

This research was partially funded by Cyber Security Network of Competence Centres for Europe (CyberSec4Europe) project of the Horizon 2020 SU-ICT-03-2018 program. The authors would like to thank Ms. Tuula Kotikoski for proofreading the manuscript.

Author information

Authors and Affiliations

  1. Institute of Information Technology, JAMK University of Applied Sciences, Jyväskylä, Finland

    Janne Alatalo, Tuomo Sipola & Tero Kokkonen

Authors
  1. Janne Alatalo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tuomo Sipola
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tero Kokkonen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tero Kokkonen .

Editor information

Editors and Affiliations

  1. ISEG, Universidade de Lisboa, Lisbon, Portugal

    Alvaro Rocha

  2. College of Engineering, The Ohio State University, Columbus, OH, USA

    Hojjat Adeli

  3. Institute of Data Science and Digital Technologies, Vilnius University, Vilnius, Lithuania

    Gintautas Dzemyda

  4. DCT, Universidade Portucalense, Porto, Portugal

    Fernando Moreira

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Alatalo, J., Sipola, T., Kokkonen, T. (2022). Detecting One-Pixel Attacks Using Variational Autoencoders. In: Rocha, A., Adeli, H., Dzemyda, G., Moreira, F. (eds) Information Systems and Technologies. WorldCIST 2022. Lecture Notes in Networks and Systems, vol 468. Springer, Cham. https://doi.org/10.1007/978-3-031-04826-5_60

Download citation

Publish with us

Policies and ethics

Search

Navigation