Vulnerability in Deep Transfer Learning Models to Adversarial Fast Gradient Sign Attack for COVID-19 Prediction from Chest Radiography Images Research Details

Vulnerability in Deep Transfer Learning Models to Adversarial Fast Gradient Sign Attack for COVID-19 Prediction from Chest Radiography Images

07, May 2021 |

Authors:

Pal Debashis Gupta Md. Rashed-Al-Mahfuz Salem A. Alyami Mohammad Ali Moni

Abstract

The COVID-19 pandemic requires the rapid isolation of infected patients. Thus, high- sensitivity radiology images could be a key technique to diagnose patients besides the polymerase chain reaction approach. Deep learning algorithms are proposed in several studies to detect COVID- 19 symptoms due to the success in chest radiography image classification, cost efficiency, lack of expert radiologists, and the need for faster processing in the pandemic area. Most of the promising algorithms proposed in different studies are based on pre-trained deep learning models. Such open-source models and lack of variation in the radiology image-capturing environment make the diagnosis system vulnerable to adversarial attacks such as fast gradient sign method (FGSM) attack. This study therefore explored the potential vulnerability of pre-trained convolutional neural network algorithms to the FGSM attack in terms of two frequently used models, VGG16 and Inception- v3. Firstly, we developed two transfer learning models for X-ray and CT image-based COVID-19 classification and analyzed the performance extensively in terms of accuracy, precision, recall, and AUC. Secondly, our study illustrates that misclassification can occur with a very minor perturbation magnitude, such as 0.009 and 0.003 for the FGSM attack in these models for X-ray and CT images, respectively, without any effect on the visual perceptibility of the perturbation. In addition, we demonstrated that successful FGSM attack can decrease the classification performance to 16.67% and 55.56% for X-ray images, as well as 36% and 40% in the case of CT images for VGG16 and Inception-v3, respectively, without any human-recognizable perturbation effects in the adversarial images. Finally, we analyzed that correct class probability of any test image which is supposed to be 1, can drop for both considered models and with increased perturbation; it can drop to 0.24 and 0.17 for the VGG16 model in cases of X-ray and CT images, respectively. Thus, despite the need for data sharing and automated diagnosis, practical deployment of such program requires more robustness.

COVID-19 deep learning adversarial attack FGSM attack radiology images

Recent Researches

Changes in Prevalence and Determinants of Self-Reported Hypertension among Bangladeshi Older Adults during the COVID-19 Pandemic

Assessing gender responsiveness of COVID-19 response plans for populations in conflict-affected humanitarian emergencies

COVID-19 vaccination coverage is extremely low among older population in Bangladesh: findings from a cross-sectional study

COVID-19 reinfections among naturally infected and vaccinated individuals

COVID-19 and Bangladeshi health professionals: Infection status, vaccination and its immediate health consequences

Correlation of antigen-specific immune response with disease severity among COVID-19 patients in Bangladesh

Coping strategies that motivated frontline nurses while caring for the COVID-19 patients during the pandemic: A scoping review

Computational identification of host genomic biomarkers highlighting their functions, pathways and regulators that influence SARS-CoV-2 infections and drug repurposing

Comparative Clinical Characteristics, Laboratory Findings, and Outcomes of Hypoxemic and Non-Hypoxemic Patients Treated at a Makeshift COVID-19 Unit in Bangladesh: A Retrospective Chart Analysis

Common genetic aspects between COVID-19 and sarcoidosis: A network-based approach using gene expression data