A multi-layered defense against adversarial attacks in brain tumor classification using ensemble adversarial training and feature squeezing.

in Scientific Reports by Ahmeed Yinusa, Misa Faezipour

TLDR

  • A VGG16-based CNN model achieved 96% accuracy on clean MRI data but was vulnerable to adversarial attacks.
  • A multi-layered defense strategy improved the model's resilience, achieving 54% accuracy on FGSM and 47% on PGD adversarial examples.
  • The study highlights the importance of proactive defense strategies for maintaining the reliability of AI in medical imaging.

Abstract

Deep learning, particularly convolutional neural networks (CNNs), has proven valuable for brain tumor classification, aiding diagnostic and therapeutic decisions in medical imaging. Despite their accuracy, these models are vulnerable to adversarial attacks, compromising their reliability in clinical settings. In this research, we utilized a VGG16-based CNN model to classify brain tumors, achieving 96% accuracy on clean magnetic resonance imaging (MRI) data. To assess robustness, we exposed the model to Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) attacks, which reduced accuracy to 32% and 13%, respectively. We then applied a multi-layered defense strategy, including adversarial training with FGSM and PGD examples and feature squeezing techniques such as bit-depth reduction and Gaussian blurring. This approach improved model resilience, achieving 54% accuracy on FGSM and 47% on PGD adversarial examples. Our results highlight the importance of proactive defense strategies for maintaining the reliability of AI in medical imaging under adversarial conditions.
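The feature-squeezing stage named in the abstract (bit-depth reduction and Gaussian blurring) can be sketched as an input-preprocessing step. The following is an added example, not the authors' code. It assumes blur-then-quantize ordering, 4-bit depth, sigma = 1 and an L-infinity budget of 8/255, and uses a constructed synthetic image with random-sign noise as a stand-in for an FGSM-shaped perturbation, since no model is involved.

```python
import numpy as np

def reduce_bit_depth(img, bits):
    """Quantize a float image in [0, 1] to 2**bits grey levels."""
    levels = 2 ** bits - 1
    return np.round(img * levels) / levels

def gaussian_kernel(sigma, radius):
    """Normalized 1-D Gaussian kernel of length 2*radius + 1."""
    x = np.arange(-radius, radius + 1)
    k = np.exp(-(x ** 2) / (2.0 * sigma ** 2))
    return k / k.sum()

def gaussian_blur(img, sigma=1.0):
    """Separable Gaussian blur with reflect padding (output keeps input shape)."""
    radius = int(3 * sigma + 0.5)
    k = gaussian_kernel(sigma, radius)
    padded = np.pad(img, radius, mode="reflect")
    rows = np.apply_along_axis(lambda r: np.convolve(r, k, mode="valid"), 1, padded)
    return np.apply_along_axis(lambda c: np.convolve(c, k, mode="valid"), 0, rows)

def squeeze(img, bits=4, sigma=1.0):
    """Feature squeezing: smooth high-frequency noise, then coarsen intensities."""
    return reduce_bit_depth(gaussian_blur(img, sigma), bits)

def perturbation_survival(eps=8 / 255, bits=4, sigma=1.0, seed=0):
    """Return (mean |delta| before squeezing, mean |delta| after, unchanged pixel fraction)."""
    rng = np.random.default_rng(seed)
    yy, xx = np.mgrid[-32:32, -32:32]
    # Constructed smooth 64x64 "scan": a bright blob on a dark background.
    clean = 0.12 + 0.76 * np.exp(-(xx ** 2 + yy ** 2) / (2 * 12.0 ** 2))
    # Constructed perturbation: +/- eps per pixel, same L-infinity budget as FGSM.
    delta = eps * np.sign(rng.standard_normal(clean.shape))
    adv = np.clip(clean + delta, 0.0, 1.0)
    raw = np.abs(adv - clean).mean()
    diff = np.abs(squeeze(adv, bits, sigma) - squeeze(clean, bits, sigma))
    return float(raw), float(diff.mean()), float((diff == 0).mean())

if __name__ == "__main__":
    raw, residual, unchanged = perturbation_survival()
    print(f"mean |delta| before squeezing: {raw:.4f}")
    print(f"mean |delta| after squeezing:  {residual:.4f}")
    print(f"pixels identical after squeezing: {unchanged:.1%}")
```

Gradient-aligned perturbations are more structured than random-sign noise and survive squeezing better, which is consistent with the defended model recovering only part of its clean accuracy.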

Overview

  • The study focuses on the classification of brain tumors using a VGG16-based CNN model, achieving 96% accuracy on clean MRI data.
  • The model's robustness is tested against Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) attacks, which significantly reduce its accuracy.
  • A multi-layered defense strategy is proposed to improve the model's resilience, combining adversarial training and feature squeezing techniques.

Comparative Analysis & Findings

  • The CNN model achieved 96% accuracy on clean MRI data, but its accuracy dropped to 32% under FGSM attacks and 13% under PGD attacks.
  • The proposed defense strategy improved the model's accuracy to 54% on FGSM adversarial examples and 47% on PGD adversarial examples.
  • The results highlight the importance of proactive defense strategies for maintaining the reliability of AI in medical imaging under adversarial conditions.

Implications and Future Directions

  • The study emphasizes the need for robust defense strategies to ensure the reliability of AI models in medical imaging.
  • Future research could explore more advanced defense strategies and evaluate them against different types of attacks.
  • The incorporation of multi-modal imaging data (e.g., MRI, CT, and PET scans) may enhance the model's robustness and accuracy.