The Security of Deep Learning Defenses in Medical Imaging

Moshe Levy; Guy Amit; Yuval Elovici; Yisroel Mirsky

doi:10.1145/3689942.3694746

The Security of Deep Learning Defenses in Medical Imaging

Moshe Levy, Guy Amit, Yuval Elovici, Yisroel Mirsky

Department of Software and Information Systems Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Deep learning has shown great promise in the medical image analysis domain. Medical professionals and healthcare providers have begun to adopt this technology to accelerate and enhance their work. These systems use deep neural networks (DNNs) which are vulnerable to adversarial samples: images with imperceivable changes that can alter the model's prediction. Prior research has proposed defenses aimed at making DNNs more robust or detecting the adversarial samples before they can do any harm. However, none of the studies considered an informed attacker capable of adapting the attack to the defense mechanism. In this qualitative study, we show that an informed attacker can evade five advanced defenses, successfully fooling the victim deep learning model and rendering the defense useless. We also propose two alternative means of securing healthcare DNNs from such attacks: (1) hardening the system's security, and (2) using digital signatures.

Original language	English
Title of host publication	HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with
Subtitle of host publication	CCS 2024
Publisher	Association for Computing Machinery, Inc
Pages	37-44
Number of pages	8
ISBN (Electronic)	9798400712388
DOIs	https://doi.org/10.1145/3689942.3694746
State	Published - 21 Nov 2024
Event	2024 Workshop on Cybersecurity in Healthcare, HealthSec 2024 - Salt Lake City, United States Duration: 14 Oct 2024 → 18 Oct 2024

Publication series

Name	HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024

Conference

Conference	2024 Workshop on Cybersecurity in Healthcare, HealthSec 2024
Country/Territory	United States
City	Salt Lake City
Period	14/10/24 → 18/10/24

Keywords

adaptive adversarial attacks
deep learning

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Computer Networks and Communications
General Medicine

Access to Document

10.1145/3689942.3694746

Cite this

Levy, M., Amit, G., Elovici, Y., & Mirsky, Y. (2024). The Security of Deep Learning Defenses in Medical Imaging. In HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024 (pp. 37-44). (HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024). Association for Computing Machinery, Inc. https://doi.org/10.1145/3689942.3694746

Levy, Moshe ; Amit, Guy ; Elovici, Yuval et al. / The Security of Deep Learning Defenses in Medical Imaging. HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024. Association for Computing Machinery, Inc, 2024. pp. 37-44 (HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024).

@inproceedings{c12ae468436141ae83c8e40d5e250d5f,

title = "The Security of Deep Learning Defenses in Medical Imaging",

abstract = "Deep learning has shown great promise in the medical image analysis domain. Medical professionals and healthcare providers have begun to adopt this technology to accelerate and enhance their work. These systems use deep neural networks (DNNs) which are vulnerable to adversarial samples: images with imperceivable changes that can alter the model's prediction. Prior research has proposed defenses aimed at making DNNs more robust or detecting the adversarial samples before they can do any harm. However, none of the studies considered an informed attacker capable of adapting the attack to the defense mechanism. In this qualitative study, we show that an informed attacker can evade five advanced defenses, successfully fooling the victim deep learning model and rendering the defense useless. We also propose two alternative means of securing healthcare DNNs from such attacks: (1) hardening the system's security, and (2) using digital signatures.",

keywords = "adaptive adversarial attacks, deep learning",

author = "Moshe Levy and Guy Amit and Yuval Elovici and Yisroel Mirsky",

note = "Publisher Copyright: {\textcopyright} 2023 Owner/Author.; 2024 Workshop on Cybersecurity in Healthcare, HealthSec 2024 ; Conference date: 14-10-2024 Through 18-10-2024",

year = "2024",

month = nov,

day = "21",

doi = "10.1145/3689942.3694746",

language = "English",

series = "HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024",

publisher = "Association for Computing Machinery, Inc",

pages = "37--44",

booktitle = "HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with",

}

Levy, M, Amit, G, Elovici, Y & Mirsky, Y 2024, The Security of Deep Learning Defenses in Medical Imaging. in HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024. HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024, Association for Computing Machinery, Inc, pp. 37-44, 2024 Workshop on Cybersecurity in Healthcare, HealthSec 2024, Salt Lake City, United States, 14/10/24. https://doi.org/10.1145/3689942.3694746

The Security of Deep Learning Defenses in Medical Imaging. / Levy, Moshe; Amit, Guy; Elovici, Yuval et al.
HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024. Association for Computing Machinery, Inc, 2024. p. 37-44 (HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - The Security of Deep Learning Defenses in Medical Imaging

AU - Levy, Moshe

AU - Amit, Guy

AU - Elovici, Yuval

AU - Mirsky, Yisroel

PY - 2024/11/21

Y1 - 2024/11/21

N2 - Deep learning has shown great promise in the medical image analysis domain. Medical professionals and healthcare providers have begun to adopt this technology to accelerate and enhance their work. These systems use deep neural networks (DNNs) which are vulnerable to adversarial samples: images with imperceivable changes that can alter the model's prediction. Prior research has proposed defenses aimed at making DNNs more robust or detecting the adversarial samples before they can do any harm. However, none of the studies considered an informed attacker capable of adapting the attack to the defense mechanism. In this qualitative study, we show that an informed attacker can evade five advanced defenses, successfully fooling the victim deep learning model and rendering the defense useless. We also propose two alternative means of securing healthcare DNNs from such attacks: (1) hardening the system's security, and (2) using digital signatures.

AB - Deep learning has shown great promise in the medical image analysis domain. Medical professionals and healthcare providers have begun to adopt this technology to accelerate and enhance their work. These systems use deep neural networks (DNNs) which are vulnerable to adversarial samples: images with imperceivable changes that can alter the model's prediction. Prior research has proposed defenses aimed at making DNNs more robust or detecting the adversarial samples before they can do any harm. However, none of the studies considered an informed attacker capable of adapting the attack to the defense mechanism. In this qualitative study, we show that an informed attacker can evade five advanced defenses, successfully fooling the victim deep learning model and rendering the defense useless. We also propose two alternative means of securing healthcare DNNs from such attacks: (1) hardening the system's security, and (2) using digital signatures.

KW - adaptive adversarial attacks

KW - deep learning

UR - http://www.scopus.com/inward/record.url?scp=85215091793&partnerID=8YFLogxK

U2 - 10.1145/3689942.3694746

DO - 10.1145/3689942.3694746

M3 - Conference contribution

AN - SCOPUS:85215091793

T3 - HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024

SP - 37

EP - 44

BT - HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with

PB - Association for Computing Machinery, Inc

T2 - 2024 Workshop on Cybersecurity in Healthcare, HealthSec 2024

Y2 - 14 October 2024 through 18 October 2024

ER -

Levy M, Amit G, Elovici Y , Mirsky Y. The Security of Deep Learning Defenses in Medical Imaging. In HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024. Association for Computing Machinery, Inc. 2024. p. 37-44. (HealthSec 2024 - Proceedings of the 2024 Workshop on Cybersecurity in Healthcare, Co-Located with: CCS 2024). doi: 10.1145/3689942.3694746

The Security of Deep Learning Defenses in Medical Imaging

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this