TY - GEN
T1 - Adversarial Vulnerability of Deep Learning Models in Analyzing Next Generation Sequencing Data
AU - Meiseles, Amiel
AU - Rosenberg, Ishai
AU - Motro, Yair
AU - Rokach, Lior
AU - Moran-Gilad, Jacob
N1 - Publisher Copyright:
© 2020 IEEE.
PY - 2020/12/16
Y1 - 2020/12/16
N2 - Deep Neural Networks (DNN) can be effectively used to accurately identify infectious pathogens. Unfortunately, DNNs can be exploited by bioterrorists, using adversarial attacks, to stage a fake super-bug outbreak or to hide the extent of a super-bug outbreak. In this work, we show how a DNN that performs superb classification of cgMLST profiles can be exploited using adversarial attacks. To this end, we train a novel DNN model, Methicillin Resistance Classification Network (MRCN), which identifies strains of the Staph bacteria that are resistant to an antibiotic named methicillin with 93.8 percent accuracy, using Core Genome Multi-Locus Sequence Typing (cgMLST) profiles. To defend against this kind of exploitation, we train a second DNN model, Synthetic Profile Classifier (SPC), which can differentiate between natural Staph bacteria and generic synthetic Staph bacteria with 92.3 percent accuracy. Our experiments show that the MRCN model is highly susceptible to multiple adversarial attacks and that the defenses we propose are not able to provide effective protection against them. As a result, a bioterrorist would be able to utilize the compromised DNN model to inflict immense damage by staging a fake epidemic or delaying the detection of an epidemic, allowing it to proliferate undeterred.
AB - Deep Neural Networks (DNN) can be effectively used to accurately identify infectious pathogens. Unfortunately, DNNs can be exploited by bioterrorists, using adversarial attacks, to stage a fake super-bug outbreak or to hide the extent of a super-bug outbreak. In this work, we show how a DNN that performs superb classification of cgMLST profiles can be exploited using adversarial attacks. To this end, we train a novel DNN model, Methicillin Resistance Classification Network (MRCN), which identifies strains of the Staph bacteria that are resistant to an antibiotic named methicillin with 93.8 percent accuracy, using Core Genome Multi-Locus Sequence Typing (cgMLST) profiles. To defend against this kind of exploitation, we train a second DNN model, Synthetic Profile Classifier (SPC), which can differentiate between natural Staph bacteria and generic synthetic Staph bacteria with 92.3 percent accuracy. Our experiments show that the MRCN model is highly susceptible to multiple adversarial attacks and that the defenses we propose are not able to provide effective protection against them. As a result, a bioterrorist would be able to utilize the compromised DNN model to inflict immense damage by staging a fake epidemic or delaying the detection of an epidemic, allowing it to proliferate undeterred.
UR - http://www.scopus.com/inward/record.url?scp=85100352000&partnerID=8YFLogxK
U2 - 10.1109/BIBM49941.2020.9313421
DO - 10.1109/BIBM49941.2020.9313421
M3 - Conference contribution
AN - SCOPUS:85100352000
T3 - Proceedings - 2020 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2020
SP - 464
EP - 468
BT - Proceedings - 2020 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2020
A2 - Park, Taesung
A2 - Cho, Young-Rae
A2 - Hu, Xiaohua Tony
A2 - Yoo, Illhoi
A2 - Woo, Hyun Goo
A2 - Wang, Jianxin
A2 - Facelli, Julio
A2 - Nam, Seungyoon
A2 - Kang, Mingon
PB - Institute of Electrical and Electronics Engineers
T2 - 2020 IEEE International Conference on Bioinformatics and Biomedicine, BIBM 2020
Y2 - 16 December 2020 through 19 December 2020
ER -