Miss the Point: Targeted Adversarial Attack on Multiple Landmark Detection
Autor: | S. Kevin Zhou, Hu Han, Zecheng He, Qingsong Yao |
---|---|
Rok vydání: | 2020 |
Předmět: |
Landmark
Computer science business.industry Pattern recognition Convolutional neural network 030218 nuclear medicine & medical imaging Image (mathematics) 03 medical and health sciences 0302 clinical medicine Segmentation Artificial intelligence business Divergence (statistics) 030217 neurology & neurosurgery Vulnerability (computing) |
Zdroj: | Medical Image Computing and Computer Assisted Intervention – MICCAI 2020 ISBN: 9783030597184 MICCAI (4) |
DOI: | 10.1007/978-3-030-59719-1_67 |
Popis: | Recent methods in multiple landmark detection based on deep convolutional neural networks (CNNs) reach high accuracy and improve traditional clinical workflow. However, the vulnerability of CNNs to adversarial-example attacks can be easily exploited to break classification and segmentation tasks. This paper is the first to study how fragile a CNN-based model on multiple landmark detection to adversarial perturbations. Specifically, we propose a novel Adaptive Targeted Iterative FGSM (ATI-FGSM) attack against the state-of-the-art models in multiple landmark detection. The attacker can use ATI-FGSM to precisely control the model predictions of arbitrarily selected landmarks, while keeping other stationary landmarks still, by adding imperceptible perturbations to the original image. A comprehensive evaluation on a public dataset for cephalometric landmark detection demonstrates that the adversarial examples generated by ATI-FGSM break the CNN-based network more effectively and efficiently, compared with the original Iterative FGSM attack. Our work reveals serious threats to patients’ health. Furthermore, we discuss the limitations of our method and provide potential defense directions, by investigating the coupling effect of nearby landmarks, i.e., a major source of divergence in our experiments. Our source code is available at https://github.com/qsyao/attack_landmark_detection. |
Databáze: | OpenAIRE |
Externí odkaz: |