Abstract
In the field of medical imaging, artificial intelligence solutions are used for diagnosis, prediction and treatment processes. Such solutions are vulnerable to cyberattacks, especially adversarial attacks targeted at machine learning algorithms. One-pixel attack is an adversarial method against image classification algorithms based on neural networks. In this study, we show that a variational autoencoder can be used to detect such attacks in the context of medical imaging. We use adversarial one-pixel images generated from the TUPAC16 dataset and apply the variational autoencoder as a filter before letting the images pass to the classifier. The results indicate that the variational autoencoder model efficiently detects one-pixel attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
IBM code model asset exchange: Breast cancer mitosis detector (2019). https://github.com/IBM/MAX-Breast-Cancer-Mitosis-Detector
Alatalo, J., Korpihalkola, J., Sipola, T., Kokkonen, T.: Chromatic and spatial analysis of one-pixel attacks against an image classifier (2021). arXiv:2105.13771 [cs.CV]
Apostolidis, K.D., Papakostas, G.A.: A survey on adversarial deep learning robustness in medical image analysis. Electronics 10(17), 2132 (2021). https://doi.org/10.3390/electronics10172132
Asperti, A., Trentin, M.: Balancing reconstruction error and Kullback-Leibler divergence in variational autoencoders. IEEE Access 8, 199,440–199,448 (2020). https://doi.org/10.1109/ACCESS.2020.3034828
Beggel, L., Pfeiffer, M., Bischl, B.: Robust anomaly detection in images using adversarial autoencoders (2019)
Cai, F., Li, J., Koutsoukos, X.: Detecting adversarial examples in learning-enabled cyber-physical systems using variational autoencoder for regression. In: 2020 IEEE Security and Privacy Workshops (SPW), pp. 208–214 (2020). https://doi.org/10.1109/SPW50608.2020.00050
Cheng, S.: BCCD dataset (2018). https://github.com/Shenggan/BCCD_Dataset
Chiang, P.H., Chan, C.S., Wu, S.H.: Adversarial pixel masking: a defense against physical attacks for pre-trained object detectors. In: Proceedings of the 29th ACM International Conference on Multimedia, MM 2021, pp. 1856–1865. Association for Computing Machinery, New York, NY, USA (2021). https://doi.org/10.1145/3474085.3475338
Dusenberry, M., Hu, F.: Deep learning for breast cancer mitosis detection (2018)
Endsley, M.: Toward a theory of situation awareness in dynamic systems. Hum. Factors 37(1), 32–64 (1995). https://doi.org/10.1518/001872095779049543
Finlayson, S.G., Bowers, J.D., Ito, J., Zittrain, J.L., Beam, A.L., Kohane, I.S.: Adversarial attacks on medical machine learning. Science 363(6433), 1287–1289 (2019)
Ghosh, S.: Cats faces 64 \(\times \) 64 (for generative models) (2018). https://www.kaggle.com/spandan2/cats-faces-64x64-for-generative-models
Goodfellow, I., Bengio, Y., Courville, A.: Deep Learning. MIT Press, Cambridge (2016). http://www.deeplearningbook.org
Kingma, D.P., Welling, M.: Auto-encoding variational Bayes (2014)
Korpihalkola, J., Sipola, T., Kokkonen, T.: Color-optimized one-pixel attack against digital pathology images. In: Balandin, S., Koucheryavy, Y., Tyutina, T. (eds.) 2021 29th Conference of Open Innovations Association (FRUCT), vol. 29, pp. 206–213. IEEE (2021). https://doi.org/10.23919/FRUCT52173.2021.9435562
Korpihalkola, J., Sipola, T., Puuska, S., Kokkonen, T.: One-pixel attack deceives computer-assisted diagnosis of cancer. In: Proceedings of the 4th International Conference on Signal Processing and Machine Learning (SPML 2021), 18–20 August 2021, Beijing, China. ACM, New York, USA (2021). https://doi.org/10.1145/3483207.3483224
Li, X., Zhu, D.: Robust detection of adversarial attacks on medical images. In: 2020 IEEE 17th International Symposium on Biomedical Imaging (ISBI), pp. 1154–1158 (2020). https://doi.org/10.1109/ISBI45749.2020.9098628
Mazlan, A.U., Sahabudin, N.A.B., Remli, M.A., Ismail, N.S.N., Mohamad, M.S., Warif, N.B.A.: Supervised and unsupervised machine learning for cancer classification: recent development. In: 2021 IEEE International Conference on Automatic Control Intelligent Systems (I2CACIS), pp. 392–395 (2021). https://doi.org/10.1109/I2CACIS52118.2021.9495888
van der Meulen, R.: Build Adaptive Security Architecture into Your Organization (2017). https://www.gartner.com/smarterwithgartner/build-adaptive-security-architecture-into-your-organization/. Accessed 3 Apr 2020
Nayyar, S.: Why healthcare could face unprecedented cyber threats in 2021 (2021). https://www.forbes.com/sites/forbestechcouncil/2021/03/17/why-healthcare-could-face-unprecedented-cyber-threats-in-2021/
Nguyen-Son, H.Q., Thao, T.P., Hidano, S., Bracamonte, V., Kiyomoto, S., Yamaguchi, R.S.: OPA2D: one-pixel attack, detection, and defense in deep neural networks. In: 2021 International Joint Conference on Neural Networks (IJCNN), pp. 1–10 (2021). https://doi.org/10.1109/IJCNN52387.2021.9534332
Rafi, T.H., Shubair, R.M., Farhan, F., Hoque, M.Z., Quayyum, F.M.: Recent advances in computer-aided medical diagnosis using machine learning algorithms with optimization techniques. IEEE Access 9, 137,847–137,868 (2021). https://doi.org/10.1109/ACCESS.2021.3108892
Rogova, G.L., Ilin, R.: Reasoning and decision making under uncertainty and risk for situation management. In: 2019 IEEE Conference on Cognitive and Computational Aspects of Situation Management (CogSIMA), pp. 34–42 (2019). https://doi.org/10.1109/COGSIMA.2019.8724330
Sipola, T., Kokkonen, T.: One-pixel attacks against medical imaging: a conceptual framework. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Ramalho Correia, A.M. (eds.) WorldCIST 2021. AISC, vol. 1365, pp. 197–203. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72657-7_19
Sipola, T., Puuska, S., Kokkonen, T.: Model fooling attacks against medical imaging: a short survey. Inf. Secur. Int. J. 46(2), 215–224 (2020). https://doi.org/10.11610/isij.4615
Strachna, O., Asan, O.: Systems thinking approach to an artificial intelligence reality within healthcare: from hype to value. In: 2021 IEEE International Symposium on Systems Engineering (ISSE), pp. 1–8 (2021). https://doi.org/10.1109/ISSE51541.2021.9582546
Su, J., Vargas, D.V., Sakurai, K.: Attacking convolutional neural network using differential evolution. IPSJ Trans. Comput. Vis. Appl. 11(1), 1–16 (2019)
Su, J., Vargas, D.V., Sakurai, K.: One pixel attack for fooling deep neural networks. IEEE Trans. Evol. Comput. 23(5), 828–841 (2019). https://doi.org/10.1109/TEVC.2019.2890858
Tang, X.: The role of artificial intelligence in medical imaging research. BJR Open 2(1), 20190,031–20190,031 (2019). https://doi.org/10.1259/bjro.20190031, https://pubmed.ncbi.nlm.nih.gov/33178962
Tong, L., et al.: Adversarial sample detection framework based on autoencoder. In: 2020 International Conference on Big Data Artificial Intelligence Software Engineering (ICBASE), pp. 241–245 (2020). https://doi.org/10.1109/ICBASE51474.2020.00058
Veta, M., et al.: Predicting breast tumor proliferation from whole-slide images: the TUPAC16 challenge. Med. Image Anal. 54, 111–121 (2019). https://doi.org/10.1016/j.media.2019.02.012
Wang, P., Cai, Z., Kim, D., Li, W.: Detection mechanisms of one-pixel attack. Wirel. Commun. Mobile Comput. 2021, 8891,204 (2021). https://doi.org/10.1155/2021/8891204
Wlodarczak, P.: Machine Learning and its Applications. CRC Press, Boca Raton, London, New York (2019)
Xu, G., Zong, Y., Yang, Z.: Applied Data Mining. CRC Press, Boca Raton, London, New York (2013)
Xu, H., et al.: Adversarial attacks and defenses in images, graphs and text: a review. Int. J. Autom. Comput. 17(2), 151–178 (2020). https://doi.org/10.1007/s11633-019-1211-x
Acknowledgments
This research was partially funded by Cyber Security Network of Competence Centres for Europe (CyberSec4Europe) project of the Horizon 2020 SU-ICT-03-2018 program. The authors would like to thank Ms. Tuula Kotikoski for proofreading the manuscript.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Alatalo, J., Sipola, T., Kokkonen, T. (2022). Detecting One-Pixel Attacks Using Variational Autoencoders. In: Rocha, A., Adeli, H., Dzemyda, G., Moreira, F. (eds) Information Systems and Technologies. WorldCIST 2022. Lecture Notes in Networks and Systems, vol 468. Springer, Cham. https://doi.org/10.1007/978-3-031-04826-5_60
Download citation
DOI: https://doi.org/10.1007/978-3-031-04826-5_60
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-04825-8
Online ISBN: 978-3-031-04826-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)