Adversarial Attack and Defence through Adversarial Training and Feature Fusion for Diabetic Retinopathy Recognition

Due to the rapid growth in artificial intelligence (AI) and deep learning (DL) approaches, the security and robustness of the deployed algorithms need to be guaranteed. The security susceptibility of the DL algorithms to adversarial examples has been widely acknowledged. The artificially created examples will lead to different instances negatively identified by the DL models that are humanly considered benign. Practical application in actual physical scenarios with adversarial threats shows their features. Thus, adversarial attacks and defense, including machine learning and its reliability, have drawn growing interest and, in recent years, has been a hot topic of research. We introduce a framework that provides a defensive model against the adversarial speckle-noise attack, the adversarial training, and a feature fusion strategy, which preserves the classification with correct labelling. We evaluate and analyze the adversarial attacks and defenses on the retinal fundus images for the Diabetic Retinopathy recognition problem, which is considered a state-of-the-art endeavor. Results obtained on the retinal fundus images, which are prone to adversarial attacks, are 99% accurate and prove that the proposed defensive model is robust.

[1]  Yong Man Ro,et al.  Investigating Vulnerability to Adversarial Examples on Multimodal Data Fusion in Deep Learning , 2020, ArXiv.

[2]  Syed Ahmad Chan Bukhari,et al.  A citrus fruits and leaves dataset for detection and classification of citrus diseases through machine learning , 2019, Data in brief.

[3]  Mani Srivastava,et al.  GenAttack: practical black-box attacks with gradient-free optimization , 2018, GECCO.

[4]  Sheema Shuja Khattak,et al.  Automatic detection and severity classification of diabetic retinopathy , 2020, Multimedia Tools and Applications.

[5]  Xia Hu,et al.  Adversarial Machine Learning: An Interpretation Perspective , 2020, ArXiv.

[6]  Shiyu Li,et al.  Defend Against Adversarial Samples by Using Perceptual Hash , 2020, Computers, Materials & Continua.

[7]  Robert Sabourin,et al.  Characterizing and Evaluating Adversarial Examples for Offline Handwritten Signature Verification , 2019, IEEE Transactions on Information Forensics and Security.

[8]  Seifedine Kadry,et al.  Detection of diabetic retinopathy using a fusion of textural and ridgelet features of retinal images and sequential minimal optimization classifier , 2021, PeerJ Comput. Sci..

[9]  Amir Nazemi,et al.  Potential adversarial samples for white-box attacks , 2019, ArXiv.

[10]  Ning Zheng,et al.  Deep Model Poisoning Attack on Federated Learning , 2021, Future Internet.

[11]  Agma J. M. Traina,et al.  An Efficient Algorithm for Fractal Analysis of Textures , 2012, 2012 25th SIBGRAPI Conference on Graphics, Patterns and Images.

[12]  H. Alkadhi,et al.  Radiomics in medical imaging—“how-to” guide and critical reflection , 2020, Insights into Imaging.

[13]  Mayank Vatsa,et al.  Image Transformation-Based Defense Against Adversarial Perturbation on Deep Learning Models , 2021, IEEE Transactions on Dependable and Secure Computing.

[14]  H R Taylor,et al.  Prevalence of diabetic retinopathy in Type 2 diabetes in developing and developed countries , 2013, Diabetic medicine : a journal of the British Diabetic Association.

[15]  Waqar Mehmood,et al.  Breast Cancer Detection and Classification using Traditional Computer Vision Techniques: A Comprehensive Review. , 2020, Current medical imaging.

[16]  Honglak Lee,et al.  Efficient Adversarial Training With Transferable Adversarial Examples , 2019, 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[17]  Alexander Levine,et al.  (De)Randomized Smoothing for Certifiable Defense against Patch Attacks , 2020, NeurIPS.

[18]  Mazin Abed Mohammed,et al.  Comprehensive review of retinal blood vessel segmentation and classification techniques: intelligent solutions for green computing in medical images, current challenges, open issues, and knowledge gaps in fundus medical images , 2021, Network Modeling Analysis in Health Informatics and Bioinformatics.

[19]  Yang Zhao,et al.  Adversarial Vulnerability in Doppler-based Human Activity Recognition , 2020, 2020 International Joint Conference on Neural Networks (IJCNN).

[20]  Pin-Yu Chen,et al.  Attacking the Madry Defense Model with L1-based Adversarial Examples , 2017, ICLR.

[21]  Fernando Fernández,et al.  Learning adversarial attack policies through multi-objective reinforcement learning , 2020, Eng. Appl. Artif. Intell..

[22]  Germain Forestier,et al.  Adversarial Attacks on Deep Neural Networks for Time Series Classification , 2019, 2019 International Joint Conference on Neural Networks (IJCNN).

[23]  Hao Chen,et al.  MagNet: A Two-Pronged Defense against Adversarial Examples , 2017, CCS.

[24]  Anh Nguyen,et al.  VectorDefense: Vectorization as a Defense to Adversarial Examples , 2018, Studies in Computational Intelligence.

[25]  N. Otsu A threshold selection method from gray level histograms , 1979 .

[26]  Will N. Browne,et al.  Lateralized learning for robustness against adversarial attacks in a visual classification system , 2020, GECCO.

[27]  Craig Kuziemsky,et al.  Role of Artificial Intelligence within the Telehealth Domain , 2019, Yearbook of Medical Informatics.

[28]  Xiaowen Huang,et al.  Adversarial Privacy-preserving Filter , 2020, ACM Multimedia.

[29]  Ya Li,et al.  Transferable, Controllable, and Inconspicuous Adversarial Attacks on Person Re-identification With Deep Mis-Ranking , 2020, 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[30]  Ali Farhadi,et al.  YOLOv3: An Incremental Improvement , 2018, ArXiv.

[31]  Saleh Albahli,et al.  Identification of Thoracic Diseases by Exploiting Deep Neural Networks , 2021 .

[32]  Aminul Huq,et al.  Adversarial Attacks and Defense on Textual Data: A Review , 2020 .

[33]  Yingwei Li,et al.  Volumetric Medical Image Segmentation: A 3D Deep Coarse-to-Fine Framework and Its Adversarial Examples , 2020, Deep Learning and Convolutional Neural Networks for Medical Imaging and Clinical Informatics.

[34]  P. Lambin,et al.  Radiomics: the bridge between medical imaging and personalized medicine , 2017, Nature Reviews Clinical Oncology.

[35]  Xiaoyi Zhou,et al.  A Reversible Watermarking System for Medical Color Images: Balancing Capacity, Imperceptibility, and Robustness , 2021, Electronics.

[36]  Mazin Abed Mohammed,et al.  Voice Pathology Detection and Classification Using Convolutional Neural Network Model , 2020, Applied Sciences.

[37]  Saleh Albahli,et al.  AI-driven deep CNN approach for multi-label pathology classification using chest X-Rays , 2021, PeerJ Comput. Sci..

[38]  Bill Triggs,et al.  Histograms of oriented gradients for human detection , 2005, 2005 IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'05).

[39]  David A. Wagner,et al.  Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples , 2018, ICML.

[40]  Abhimanyu S. Ahuja,et al.  The impact of artificial intelligence in medicine on the future role of the physician , 2019, PeerJ.

[41]  Harshvardhan Tibrewal,et al.  Self-Supervision vs. Transfer Learning: Robust Biomedical Image Analysis Against Adversarial Attacks , 2020, 2020 IEEE 17th International Symposium on Biomedical Imaging (ISBI).

[42]  Mazin Abed Mohammed,et al.  MAFC: Multi-Agent Fog Computing Model for Healthcare Critical Tasks Management , 2020, Sensors.

[43]  Dorin Comaniciu,et al.  No Surprises: Training Robust Lung Nodule Detection for Low-Dose CT Scans by Augmenting With Adversarial Attacks , 2021, IEEE Transactions on Medical Imaging.

[44]  Wei Liu,et al.  Efficient Decision-Based Black-Box Adversarial Attacks on Face Recognition , 2019, 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[45]  Nima Tajbakhsh,et al.  Embracing Imperfect Datasets: A Review of Deep Learning Solutions for Medical Image Segmentation , 2019, Medical Image Anal..

[46]  Karrar Hameed Abdulkareem,et al.  A Multi-agent Feature Selection and Hybrid Classification Model for Parkinson's Disease Diagnosis , 2021, ACM Trans. Multim. Comput. Commun. Appl..

[47]  Sakshi Arora,et al.  Computer-Vision Based Diagnosis of Parkinson’s Disease via Gait: A Survey , 2019, IEEE Access.

[48]  Manisha Verma,et al.  One word at a time: adversarial attacks on retrieval models , 2020, ArXiv.

[49]  Weisi Lin,et al.  Adversarial Exposure Attack on Diabetic Retinopathy Imagery , 2020, ArXiv.

[50]  Syed Jawad Hussain Shah,et al.  Visual features based automated identification of fish species using deep convolutional neural networks , 2019, Comput. Electron. Agric..

[51]  Adriana Romero,et al.  Active MR k-space Sampling with Reinforcement Learning , 2020, MICCAI.

[52]  Danda B. Rawat,et al.  Study of Adversarial Machine Learning with Infrared Examples for Surveillance Applications , 2020 .

[53]  Xiaohui Kuang,et al.  Boosting Targeted Black-Box Attacks via Ensemble Substitute Training and Linear Augmentation , 2019, Applied Sciences.

[54]  Yan Feng,et al.  Hilbert-Based Generative Defense for Adversarial Examples , 2019, 2019 IEEE/CVF International Conference on Computer Vision (ICCV).

[55]  Daniel Kroening,et al.  A survey of safety and trustworthiness of deep neural networks: Verification, testing, adversarial attack and defence, and interpretability , 2018, Comput. Sci. Rev..

[56]  Yuval Elovici,et al.  Spoofing Attack on Ultrasonic Distance Sensors Using a Continuous Signal , 2020, Sensors.

[57]  Matti Pietikäinen,et al.  A comparative study of texture measures with classification based on featured distributions , 1996, Pattern Recognit..

[58]  Daniel Rueckert,et al.  Realistic Adversarial Data Augmentation for MR Image Segmentation , 2020, MICCAI.

[59]  Quan Z. Sheng,et al.  Adversarial Attacks on Deep Learning Models in Natural Language Processing: A Survey , 2019 .

[60]  Xiangyu Zhang,et al.  Black-box Adversarial Sample Generation Based on Differential Evolution , 2020, J. Syst. Softw..

[61]  Rafael Rieder,et al.  Computer vision and artificial intelligence in precision agriculture for grain crops: A systematic review , 2018, Comput. Electron. Agric..

[62]  Seyed-Mohsen Moosavi-Dezfooli,et al.  DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[63]  Debdeep Mukhopadhyay,et al.  Adversarial Attacks and Defences: A Survey , 2018, ArXiv.

[64]  Samy Bengio,et al.  Adversarial Machine Learning at Scale , 2016, ICLR.

[65]  Subhashini Venugopalan,et al.  Development and Validation of a Deep Learning Algorithm for Detection of Diabetic Retinopathy in Retinal Fundus Photographs. , 2016, JAMA.

[66]  António J. R. Neves,et al.  Facial Expression Recognition Using Computer Vision: A Systematic Review , 2019, Applied Sciences.

[67]  Eduardo Valle,et al.  Adversarial Images for Variational Autoencoders , 2016, ArXiv.

[68]  Dmitry Goldgof,et al.  Mitigating Adversarial Attacks on Medical Image Understanding Systems , 2020, 2020 IEEE 17th International Symposium on Biomedical Imaging (ISBI).

[69]  Luca Rigazio,et al.  Towards Deep Neural Network Architectures Robust to Adversarial Examples , 2014, ICLR.

[70]  Kazuhiro Takemoto,et al.  Universal adversarial attacks on deep neural networks for medical image classification , 2020, BMC Medical Imaging.

[71]  Kui Ren,et al.  Adversarial Attacks and Defenses in Deep Learning , 2020, Engineering.

[72]  Yanjun Qi,et al.  Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks , 2017, NDSS.

[73]  L. Deng,et al.  The MNIST Database of Handwritten Digit Images for Machine Learning Research [Best of the Web] , 2012, IEEE Signal Processing Magazine.

[74]  Xiaojiang Du,et al.  Adversarial Attacks for Image Segmentation on Multiple Lightweight Models , 2020, IEEE Access.

[75]  Yi Ding,et al.  DeepEDN: A Deep-Learning-Based Image Encryption and Decryption Network for Internet of Medical Things , 2020, IEEE Internet of Things Journal.

[76]  David A. Wagner,et al.  Background Class Defense Against Adversarial Examples , 2018, 2018 IEEE Security and Privacy Workshops (SPW).

[77]  Zhanxing Zhu,et al.  Adversarial attacks on Faster R-CNN object detector , 2020, Neurocomputing.

[78]  Qihe Liu,et al.  Review of Artificial Intelligence Adversarial Attack and Defense Technologies , 2019, Applied Sciences.

[79]  Achyut Mani Tripathi,et al.  Fuzzy Unique Image Transformation: Defense Against Adversarial Attacks On Deep COVID-19 Models , 2020, ArXiv.

[80]  Rytis Maskeliunas,et al.  Fuzzy based image edge detection algorithm for blood vessel detection in retinal images , 2020, Appl. Soft Comput..

[81]  Simon K. Warfield,et al.  Deep learning with noisy labels: exploring techniques and remedies in medical image analysis , 2020, Medical Image Anal..