Research Objective
To analyze the vulnerability of two state-of-the-art deep classification networks against ten different adversarial attacks on chest X-ray images.
Research Findings
The study found that gradient-based attacks were the most successful in fooling both machines and humans, while single-pixel attacks failed for gray-level X-ray images. Modifying pooling operations showed that average-pooling could increase resilience to some attacks. The research highlights the vulnerabilities of deep learning models in medical image classification and suggests areas for improving model robustness.
Research Limitations
The single-pixel attack failed to fool the networks for gray-scale X-ray images, indicating a limitation in applying certain adversarial methods to medical imaging. The study also notes that some adversarial images can be detected by the naked eye, suggesting a limitation in the stealthiness of certain attacks.
1:Experimental Design and Method Selection
The study uses two deep models, Inception-ResNet-v2 and Nasnet-Large, to evaluate their performance on classification of both clean and perturbed chest X-ray images. The networks were modified by replacing max-pooling operations with average-pooling to analyze sensitivity against attacks.
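An added illustration (not code from the paper) of one intuition for why the pooling swap can matter: 2x2 average-pooling divides a sparse perturbation by the window size, while max-pooling can pass it through at full strength, and a dense perturbation shifts both equally. The patch, the perturbation values and all function names are constructed for this sketch and do not reproduce the paper's networks or attacks.

```python
import random

def pool2x2(img, mode):
    """Non-overlapping 2x2 pooling over a list-of-lists image with even sides."""
    out = []
    for r in range(0, len(img), 2):
        row = []
        for c in range(0, len(img[0]), 2):
            window = [img[r][c], img[r][c + 1], img[r + 1][c], img[r + 1][c + 1]]
            row.append(max(window) if mode == "max" else sum(window) / 4.0)
        out.append(row)
    return out

def max_abs_diff(a, b):
    """Largest element-wise absolute difference between two pooled maps."""
    return max(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb))

def pooling_shift(img, perturbed):
    """How far the pooled feature map moves under each pooling mode."""
    return {m: max_abs_diff(pool2x2(img, m), pool2x2(perturbed, m))
            for m in ("max", "avg")}

def make_patch(size=8, seed=0):
    """Constructed gray-level patch with intensities in [0.2, 0.6]."""
    rng = random.Random(seed)
    return [[rng.uniform(0.2, 0.6) for _ in range(size)] for _ in range(size)]

def single_pixel(img, r, c, value):
    """Copy of img with one pixel overwritten (sparse perturbation)."""
    out = [row[:] for row in img]
    out[r][c] = value
    return out

def uniform_shift(img, eps):
    """Copy of img with every pixel raised by eps (dense perturbation)."""
    return [[min(1.0, v + eps) for v in row] for row in img]

if __name__ == "__main__":
    patch = make_patch()
    print("sparse:", pooling_shift(patch, single_pixel(patch, 3, 3, 1.0)))
    print("dense: ", pooling_shift(patch, uniform_shift(patch, 0.05)))
```

The dense case is the caveat: averaging gives no damping against a perturbation spread over every pixel, which is consistent with the summary's wording that the swap helped against some attacks rather than all of them.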
2:Sample Selection and Data Sources
The ChestX-ray14 dataset, comprising 112,120 gray-scale images with 14 disease labels and 1 no-finding label, was used. A binary classification task of 'disease' vs. 'non-disease' was formulated.
3:List of Experimental Equipment and Materials
Not explicitly mentioned in the paper.
4:Experimental Procedures and Operational Workflow
The networks were trained from scratch with specific batch sizes and optimizer settings. Adversarial examples were crafted using Foolbox, applying three categories of attacks: gradient-based, score-based, and decision-based.
5:Data Analysis Methods
Performance metrics included accuracy and area under the ROC curve, measured on clean images and under adversarial attack. The study also visualized perturbed images and analyzed the perceptibility of attacks.