Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
144 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Universal Adversarial Framework to Improve Adversarial Robustness for Diabetic Retinopathy Detection (2312.08193v1)

Published 13 Dec 2023 in eess.IV, cs.CV, and cs.LG

Abstract: Diabetic Retinopathy (DR) is a prevalent illness associated with Diabetes which, if left untreated, can result in irreversible blindness. Deep Learning based systems are gradually being introduced as automated support for clinical diagnosis. Since healthcare has always been an extremely important domain demanding error-free performance, any adversaries could pose a big threat to the applicability of such systems. In this work, we use Universal Adversarial Perturbations (UAPs) to quantify the vulnerability of Medical Deep Neural Networks (DNNs) for detecting DR. To the best of our knowledge, this is the very first attempt that works on attacking complete fine-grained classification of DR images using various UAPs. Also, as a part of this work, we use UAPs to fine-tune the trained models to defend against adversarial samples. We experiment on several models and observe that the performance of such models towards unseen adversarial attacks gets boosted on average by $3.41$ Cohen-kappa value and maximum by $31.92$ Cohen-kappa value. The performance degradation on normal data upon ensembling the fine-tuned models was found to be statistically insignificant using t-test, highlighting the benefits of UAP-based adversarial fine-tuning.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (35)
  1. A. Madry, A. Makelov, L. Schmidt, D. Tsipras, and A. Vladu, “Towards Deep Learning Models Resistant to Adversarial Attacks,” International Conference On Learning Representations, 2018. [Online]. Available: https://openreview.net/forum?id=rJzIBfZAb
  2. S. Kaviani, K. Han, and I. Sohn, “Adversarial attacks and defenses on AI in medical imaging informatics: A survey.", Expert Systems With Applications. 198 pp. 116815, 2022. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S095741742200272X
  3. S. Moosavi-Dezfooli, A. Fawzi, O. Fawzi, and P. Frossard, “Universal adversarial perturbations,” Proceedings Of The IEEE Conference On Computer Vision And Pattern Recognition pp. 1765–1773, 2017.
  4. M. Paschali, S. Conjeti, F. Navarro, and N. Navab, “Generalizability vs. Robustness: Investigating Medical Imaging Networks Using Adversarial Examples,” Medical Image Computing And Computer Assisted Intervention – MICCAI 2018. pp. 493–501, 2018.
  5. C. Szegedy, V. Vanhoucke, S. Ioffe, J. Shlens, and Z. Wojna, “Rethinking the Inception Architecture for Computer Vision," arXiv, 2015. [Online]. Available: https://arxiv.org/abs/1512.00567.
  6. C. Szegedy, S. Ioffe, V. Vanhoucke, and A. Alemi, “Inception-v4, Inception-ResNet and the Impact of Residual Connections on Learning,” arXiv,2016. [Online]. Available: https://arxiv.org/abs/1602.07261
  7. A. Howard, M. Zhu, B. Chen, D. Kalenichenko, W. Wang, T. Weyand, M. Andreetto, and H. Adam, “MobileNets: Efficient Convolutional Neural Networks for Mobile Vision Applications,” arXiv, 2017. [Online]. Available: https://arxiv.org/abs/1704.04861
  8. C. Szegedy, S.Ioffe, V. Vanhoucke, and A. Alemi, “Inception-v4, Inception-ResNet and the Impact of Residual Connections on Learning,” arXiv, 2016. [Online]. Available: https://arxiv.org/abs/1602.07261
  9. E. Dugas, “Diabetic Retinopathy Detection.” Kaggle,2015. [Online]. Available: https://kaggle.com/competitions/diabetic-retinopathy-detection
  10. S. Asgari Taghanaki, A. Das, and G. Hamarneh, “Vulnerability Analysis of Chest X-Ray Image Classification Against Adversarial Attacks,” Understanding And Interpreting Machine Learning In Medical Image Computing Applications, pp. 87–94, 2018.
  11. J. Deng, W. Dong, R. Socher, L. Li, K. Li, and L. Fei-Fei, “ImageNet: A large-scale hierarchical image database,” 2009 IEEE Conference On Computer Vision And Pattern Recognition, pp. 248–255, 2009.
  12. K. Ren, T. Zheng, Z. Qin, and X. Liu, “Adversarial Attacks and Defenses in Deep Learning,” Engineering. 6, 346–360, 2020. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S209580991930503X
  13. Z. Liu, H. Mao, C. Wu, C. Feichtenhofer, T. Darrell, and S. Xie, “A ConvNet for the 2020s” arXiv, 2022. [Online]. Available: https://arxiv.org/abs/2201.03545
  14. D. Kingma, and J. Ba, “Adam: A Method for Stochastic Optimization,” arXiv,2014. [Online]. Available: https://arxiv.org/abs/1412.6980
  15. M. Tan, and Q. Le, “EfficientNet: Rethinking Model Scaling for Convolutional Neural Networks,” arXiv, 2019. [Online]. Available: https://arxiv.org/abs/1905.11946
  16. G. Huang, Z. Liu, L. Maaten,and K. Weinberger, “Densely Connected Convolutional Networks,” arXiv, 2016. [Online]. Available: https://arxiv.org/abs/1608.06993
  17. K. He, X. Zhang, S. Ren, and J. Sun, “Deep Residual Learning for Image Recognition,” arXiv,2015. [Online]. Available: https://arxiv.org/abs/1512.03385
  18. J. Xu, Y. Pan, X. Pan, S. Hoi, Z. Yi, and Z. Xu, “RegNet: Self-Regulated Network for Image Classification,” arXiv,2021. [Online]. Available: https://arxiv.org/abs/2101.00590
  19. Y. LeCun, and C. Cortes, “MNIST handwritten digit database”. [Online]. Available: http://yann.lecun.com/exdb/mnist/
  20. L. Breiman, “Bagging predictors”, Machine Learning, 24, pp. 123–140, 1996.
  21. I. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and Harnessing Adversarial Examples,” arXiv, 2014. [Online]. Available: https://arxiv.org/abs/1412.6572
  22. R. Wiyatno, and A. Xu, “Maximal Jacobian-based Saliency Map Attack,” arXiv, 2018. [Online]. Available: https://arxiv.org/abs/1808.07945
  23. B. Zoph, V. Vasudevan, J. Shlens, and Q. Le, “Learning Transferable Architectures for Scalable Image Recognition,” arXiv, 2017. [Online]. Available: https://arxiv.org/abs/1707.07012
  24. S. Moosavi-Dezfooli, A. Fawzi, and P. Frossard, “DeepFool: a simple and accurate method to fool deep neural networks” arXiv,2015. [Online]. Available: https://arxiv.org/abs/1511.04599
  25. A. Paszke, S. Gross, F. Massa, A. Lerer, J. Bradbury, G. Chanan, T. Killeen, Z. Lin, N. Gimelshein, L. Antiga, A. Desmaison, A. Kopf, E. Yang, Z. DeVito, M. Raison, A. Tejani, S. Chilamkurthy, B. Steiner, L. Fang, J. Bai, and S. Chintala, “PyTorch: An Imperative Style, High-Performance Deep Learning Library,” Advances In Neural Information Processing Systems, 32, pp. 8024–8035, 2019.
  26. H. Hirano, A. Minagi, and K. Takemoto, “Universal adversarial attacks on deep neural networks for medical image classification,” BMC Medical Imaging, 21, 1–13, 2021.
  27. K. Gopalakrishnan, S. Khaitan, A. Choudhary, A. and A. Agrawal, “Deep Convolutional Neural Networks with transfer learning for computer vision-based data-driven pavement distress detection,” Construction And Building Materials, 157, pp. 322–330, 2017. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0950061817319335
  28. M. Sandler, A. Howard, M. Zhu, A. Zhmoginov, and L. Chen, “MobileNetV2: Inverted Residuals and Linear Bottlenecks,” arXiv,2018. [Online]. Available: https://arxiv.org/abs/1801.04381
  29. X. Li, T. Pang, B. Xiong, W. Liu, P. Liang, and T. Wang, “Convolutional neural networks based transfer learning for diabetic retinopathy fundus image classification,” 10th International Congress On Image And Signal Processing, BioMedical Engineering And Informatics (CISP-BMEI) pp. 1–11, 2017.
  30. K. Thenmozhi, and U. Srinivasulu Reddy, “Crop pest classification based on deep convolutional neural network and transfer learning,”Computers And Electronics In Agriculture. 164 pp. 104906, 2019. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0168169919310695
  31. J. Landis, and G. Koch, “The measurement of observer agreement for categorical data,”Biometrics, 33, 159–174, 1977.
  32. T. Zhou, X. Ye, H. Lu, X. Zheng, S. Qiu, and Y. Liu, “Dense Convolutional Network and Its Application in Medical Image Analysis,” BioMed Research International, 2022, pp. 2384830, 2022. [Online]. Available: https://doi.org/10.1155/2022/2384830
  33. M. Gao, P. Song, F. Wang, J. Liu, A. Mandelis, and D. Qi,“A Novel Deep Convolutional Neural Network Based on ResNet-18 and Transfer Learning for Detection of Wood Knot Defects,” Journal Of Sensors, 2021, pp. 4428964. [Online]. Available: https://doi.org/10.1155/2021/4428964
  34. S. Ren, K. He, R. Girshick, and J. Sun,“Faster R-CNN: Towards Real-Time Object Detection with Region Proposal Networks,” arXiv,2015. [Online]. Available: https://arxiv.org/abs/1506.01497
  35. Z. Swati, Q. Zhao, M. Kabir, F. Ali, Z. Ali, S. Ahmed, and J. Lu, “Brain tumor classification for MR images using transfer learning and fine-tuning,” Computerized Medical Imaging And Graphics, 75, pp. 34–46, 2019. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S0895611118305937

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now