{
  "id": "2005.11061",
  "version": "v1",
  "published": "2020-05-22T08:54:41.000Z",
  "updated": "2020-05-22T08:54:41.000Z",
  "title": "Vulnerability of deep neural networks for detecting COVID-19 cases from chest X-ray images to universal adversarial attacks",
  "authors": [
    "Hokuto Hirano",
    "Kazuki Koga",
    "Kazuhiro Takemoto"
  ],
  "comment": "17 pages, 5 figures, 3 tables",
  "categories": [
    "cs.CV",
    "cs.CR",
    "cs.LG",
    "eess.IV"
  ],
  "abstract": "Under the epidemic of the novel coronavirus disease 2019 (COVID-19), chest X-ray computed tomography imaging is being used for effectively screening COVID-19 patients. The development of computer-aided systems based on deep neural networks (DNNs) has been advanced, to rapidly and accurately detect COVID-19 cases, because the need for expert radiologists, who are limited in number, forms a bottleneck for the screening. However, so far, the vulnerability of DNN-based systems has been poorly evaluated, although DNNs are vulnerable to a single perturbation, called universal adversarial perturbation (UAP), which can induce DNN failure in most classification tasks. Thus, we focus on representative DNN models for detecting COVID-19 cases from chest X-ray images and evaluate their vulnerability to UAPs generated using simple iterative algorithms. We consider nontargeted UAPs, which cause a task failure resulting in an input being assigned an incorrect label, and targeted UAPs, which cause the DNN to classify an input into a specific class. The results demonstrate that the models are vulnerable to nontargeted and targeted UAPs, even in case of small UAPs. In particular, 2% norm of the UPAs to the average norm of an image in the image dataset achieves >85% and >90% success rates for the nontargeted and targeted attacks, respectively. Due to the nontargeted UAPs, the DNN models judge most chest X-ray images as COVID-19 cases. The targeted UAPs make the DNN models classify most chest X-ray images into a given target class. The results indicate that careful consideration is required in practical applications of DNNs to COVID-19 diagnosis; in particular, they emphasize the need for strategies to address security concerns. As an example, we show that iterative fine-tuning of the DNN models using UAPs improves the robustness of the DNN models against UAPs.",
  "revisions": [
    {
      "version": "v1",
      "updated": "2020-05-22T08:54:41.000Z"
    }
  ],
  "analyses": {
    "keywords": [
      "chest x-ray images",
      "deep neural networks",
      "universal adversarial attacks",
      "dnn models",
      "vulnerability"
    ],
    "note": {
      "typesetting": "TeX",
      "pages": 17,
      "language": "en",
      "license": "arXiv",
      "status": "editable"
    }
  }
}