Impact of Adversarial and Backdoor Attacks on Deep Learning Models on HealthCare 4.0

Abstract

Recent development in Machine Learning (ML) is giving rebirth to the future of intelligent systems enabling multiple domain applications, but backdoor attacks represent a serious threat to the integrity of Artificial intelligence (AI) technologies. However, a trainer can recognise the presence of poisoned samples. Therefore, a backdoor attack needs to be as elusive as possible. In literature, a lot of work has been done on poisoning the samples, in which most of the authors assumed that the labels of the samples are also poisoned. This compromise the elusiveness of the backdoor attacks because poisoned samples can be identified by visual inspection by finding the mismatch between the labels of the samples. This thesis presents an effective new backdoor attack without poisoning the labels. We also introduce a Hybrid attack composed of FGSM and backdoor attacks than will be highly effective and partially elusive. We experimented with these attacks on a CNN-based system for MRI, which shows that attacks without poisoning the label are indeed possible, thus raising concern regarding using AI in sensitive applications.