Research of DNN Adversarial Attack on COVID-19 CT Image Dataset

doi:10.3778/j.issn.1002-8331.2007-0204

Abstract

Abstract: In the research of applying deep learning to intelligent COVID-19 CT recognition, a large number of researchers train DNN models to understand the content of medical image, and assist in the diagnosis of the COVID-19. Firstly, this paper proposes the AMDRC-Net architecture, in which the residual structure solves the network degradation problem through identity mapping. However, the residual structure hinders the exploration of new features, and the long and short attention guidance mechanism is inspired by the latest research such as the attention mechanism. Afterwards, it focuses on the security of deep learning models and discusses the adversarial attack based on gradient ascent. In order to solve the problem of singularity, the long and short attention mechanism is used to increase effective counter disturbances while reducing redundant disturbances. Then, the counterattack attacks proposed algorithm A-IM-FGSM transforms the adversarial attack problem into an adaptive constraint problem, that is, the idea of micro-transformation can be used in iterative attacks to explore the relationship between the attention guidance mechanism and DNN adversarial attack. In the final experiments, the AMDRC-Net is used for model training on the COVID-19 CT dataset, the comparison experiments, visualization experiments, and adversarial attack experiments are completed.

Key words: COVID-19 CT image, attention mechanism, deep learning, DNN adversarial attacks

摘要： 在深度学习应用于新型冠状肺炎CT智能识别的研究中，大量研究人员通过构建深度神经网络训练模型，从而理解医学影像数据内容，辅助新冠肺炎诊断。提出AMDRC-Net架构，其中的残差结构，通过恒等映射解决了网络退化问题，与此同时，针对残差结构阻碍新特征探索的新问题，受到注意力机制等最新研究启发，研究了长短注意力引导机制。关注深度学习模型安全性问题，讨论基于梯度上升的对抗攻击方法；为了解决其单一性问题，通过长短注意力机制，增加有效对抗扰动的同时减少冗余扰动，紧接着，提出的对抗攻击算法A-IM-FGSM，将对抗攻击问题转化为自适应约束问题，即可微变换思想用于迭代攻击中，探究注意力引导机制与DNN对抗攻击的相互关系。最后进行的实验中，在新型冠状肺炎CT数据集上，通过AMDRC-Net进行模型训练，设计对比实验、可视化实验、对抗攻击实验。

关键词: 新冠肺炎CT影像, 注意力引导机制, 深度学习, DNN对抗攻击

HU Geng, CAI Yanguang. Research of DNN Adversarial Attack on COVID-19 CT Image Dataset[J]. Computer Engineering and Applications, 2022, 58(1): 152-157.

胡耿, 蔡延光. 新冠肺炎CT影像的DNN对抗攻击研究[J]. 计算机工程与应用, 2022, 58(1): 152-157.

References

[1] MEHTA P，MCAULEY D，BROWN M，et al.COVID-19：Consider cytokine storm syndromes and immunosuppression[J].The Lancet，2020，395：1033-1034
[2] SINGH D，KUMAR V，VAISHALI，et al.Classification of COVID-19 patients from chest CT images using multi-objective differential evolution-based convolutional neural networks[J].European Journal of Clinical Microbiology，2020，39（7）：1379-1389.
[3] 钟飞扬，张寒菲，王彬宸，等.新型冠状病毒肺炎的CT影像学表现[J].武汉大学学报（医学版），2020，41（3）：345-348. ZHONG F Y，ZHANG H F，WANG B C，et al.CT findings in 2019 novel coronavirus disease（COVID-19） patients[J].Medical Journal of Wuhan University，2020，41（3）：345-348.
[4] LéCUN Y，BOTTOU L，BENGIO Y，et al.Gradient-based learning applied to document recognition[J].Proceedings of the IEEE，1998，86（11）：2278-2324.
[5] SIMONYAN K，ZISSERMAN A.Very deep convolutional networks for large-scale image recognition[J].arXiv：1409.
1556，2014.
[6] HE K，ZHANG X，REN S，et al.Deep residual learning for image recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition，2016：770-778.
[7] SZEGEDY C，VANHOUCKE V，IOFFE S，et al.Rethinking the inception architecture for computer vision[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition，2016：2818-2826.
[8] HU J，SHEN L，SUN G.Squeeze-and-excitation networks[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition，2018：7132-7141.
[9] GOODFELLOW I J，SHLENS J，SZEGEDY C.Explaining and harnessing adversarial examples[J].arXiv：1412.6572，2014.
[10] AKHTAR N，MIAN A.Threat of adversarial attacks on deep learning in computer vision：A survey[J].IEEE Access，2018，6：14410-14430.
[11] KURAKIN A，GOODFELLOW I，BENGIO S.Adversarial examples in the physical world[J].arXiv：1607.02533，2016.
[12] DONG Y，LIAO F，PANG T，et al.Boosting adversarial attacks with momentum[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition，2018：9185-9193.
[13] IOFFE S，SZEGEDY C.Batch normalization：Accelerating deep network training by reducing internal covariate shift[J].arXiv：1502.03167，2015.
[14] SELVARAJU R R，COGSWELL M，DAS A，et al.Grad-cam：Visual explanations from deep networks via gradient-based localization[C]//Proceedings of the IEEE International Conference on Computer Vision，2017：618-626.

[1]	SHI Jie, YUAN Chenxiang, DING Fei, KONG Weixiang. Survey of Building Target Detection in SAR Images [J]. Computer Engineering and Applications, 2022, 58(8): 58-66.
[2]	XIONG Fengguang, ZHANG Xin, HAN Xie, KUANG Liqun, LIU Huanle, JIA Jionghao. Research on Improved Semantic Segmentation of Remote Sensing [J]. Computer Engineering and Applications, 2022, 58(8): 185-190.
[3]	YANG Jinfan, WANG Xiaoqiang, LIN Hao, LI Leixiao, YANG Yanyan, LI Kecen, GAO Jing. Review of One-Stage Vehicle Detection Algorithms Based on Deep Learning [J]. Computer Engineering and Applications, 2022, 58(7): 55-67.
[4]	ZHAO Dandan, HUANG Degen, MENG Jiana, GU Feng, ZHANG Pan. Chinese Named Entity Recognition by Integrating Multi-Heads Attention Mechanism and Character and Words Fusion [J]. Computer Engineering and Applications, 2022, 58(7): 142-149.
[5]	WANG Bin, LI Xin. Research on Multi-Source Domain Adaptive Algorithm Integrating Dynamic Residuals [J]. Computer Engineering and Applications, 2022, 58(7): 162-166.
[6]	CHEN Qiuchang, ZHAO Hui, ZUO Enguang, ZHAO Yuxia, WEI Wenyu. Implicit Sentiment Analysis Based on Context Aware Tree Recurrent Neutral Network [J]. Computer Engineering and Applications, 2022, 58(7): 167-175.
[7]	TAN Shuqiu, TANG Guofang, TU Yuanya, ZHANG Jianxun, GE Panjie. Classroom Monitoring Students Abnormal Behavior Detection System [J]. Computer Engineering and Applications, 2022, 58(7): 176-184.
[8]	WANG Xin, WANG Meili, BIAN Dangwei. Algorithm for Portrait Segmentation Combined with MobileNetv2 and Attention Mechanism [J]. Computer Engineering and Applications, 2022, 58(7): 220-228.
[9]	ZHANG Meiyu, LIU Yuehui, HOU Xianghui, QIN Xujia. Automatic Coloring Method for Gray Image Based on Convolutional Network [J]. Computer Engineering and Applications, 2022, 58(7): 229-236.
[10]	ZHANG Zhuangzhuang, QU Licheng, LI Xiang, ZHANG Minghao, LI Zhaolu. Traffic Flow Prediction with Missing Data Based on Spatial-Temporal Convolutional Neural Networks [J]. Computer Engineering and Applications, 2022, 58(7): 259-265.
[11]	XU Jie, ZHU Yukun, XING Chunxiao. Research on Financial Trading Algorithm Based on Deep Reinforcement Learning [J]. Computer Engineering and Applications, 2022, 58(7): 276-285.
[12]	WANG Jing, WANG Kai, YAN Yingjian. Research on Side Channel Attack Technology Based on Conditional Generation Against Network [J]. Computer Engineering and Applications, 2022, 58(6): 110-117.
[13]	CHEN Zuozan, XU Bing, DING Xiaojun, GAN Jingzhong. Natural Scene Text Recognition Based on Encoder-Decoder Framework with Dual Supervision Mechanism [J]. Computer Engineering and Applications, 2022, 58(6): 128-133.
[14]	CAO Yukun, SUN Tao. Chinese Event Argument Extraction Based on GLSTM and Attention [J]. Computer Engineering and Applications, 2022, 58(6): 157-163.
[15]	LI Yanchen, ZHANG Xiaojun, ZHANG Minglu, SHEN Liangyi. Object Detection in Autonomous Driving Scene Based on Improved Efficientdet [J]. Computer Engineering and Applications, 2022, 58(6): 183-191.