CICI: SIVD: Discover and defend cyber vulnerabilities of deep learning medical diagnosis models to adversarial attacks

This project aims to discover cyber vulnerabilities of deep learning-enabled medical imaging diagnosis tools against adversarial attacks and to develop defensive approaches in pursuit of safe artificial intelligence for healthcare. Artificial intelligence technologies, especially deep learning, have achieved remarkable success in the medical domain.

Newly advanced adversarial attacks pose a new threat to cybersecurity of medical artificial intelligence diagnosis tools, but little is known about the characteristics and behaviors of this threat. While artificial intelligence tools are increasingly being incorporated in medical imaging informatics infrastructures, it is imminent to gain cybersecurity insights on medical context-motivated adversarial attacks for designing solutions to defend this threat.

Medical adversarial attacks may lead to serious consequences including patient harm, liability of healthcare providers, and other ethical issues or crimes. It is imperative to study this emerging cybersecurity issue to mitigate the potential consequences and to ensure the safety of health care. This study contributes to providing safety evaluation and protective measures to medical imaging-based artificial intelligence diagnosis devices and clinical informatics infrastructures, and it sets the stage for researchers and regulatory agencies to investigate artificial intelligence-induced cybersecurity science and engineering issues in the medical domain.

This study advances scientific discovery, clinical deployment, and practical applications of safe artificial intelligence medical systems, ultimately benefiting patient care, the general public, and society at large.

The technical goal of this study is to investigate mechanisms of generative adversarial network-generated medical imaging adversarial attacks, analyze behaviors of an artificial intelligence diagnosis system under such attacks, and develop various defensive strategies and methods. Generative adversarial network models are customized to generate medical context-motivated adversarial samples by “inserting” or “removing” malignant lesions in a varying resolution of digital mammogram images while maintaining the manipulated images to be visually imperceptible to true images.

Four representative defensive methods, including the strategy of combining computational algorithms and human expert knowledge, are examined for defending against adversarial attacks. This project contributes algorithms, educational materials, and critical insights to bolster further research activities along the line of medical artificial intelligence cybersecurity.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.