One-Pixel Attack Deceives Computer-Assisted Diagnosis of Cancer
This research highlights a critical cybersecurity vulnerability for medical AI systems, specifically for computer-assisted cancer diagnosis, where a small, targeted attack could lead to incorrect diagnoses and treatments.
This paper demonstrates that a one-pixel modification to whole-slide pathology images can reverse the automatic diagnosis result of IBM CODAIT's MAX breast cancer detector. This attack was performed using differential evolution on the TUPAC16 dataset.
Computer vision and machine learning can be used to automate various tasks in cancer diagnostic and detection. If an attacker can manipulate the automated processing, the results can be devastating and in the worst case lead to wrong diagnosis and treatment. In this research, the goal is to demonstrate the use of one-pixel attacks in a real-life scenario with a real pathology dataset, TUPAC16, which consists of digitized whole-slide images. We attack against the IBM CODAIT's MAX breast cancer detector using adversarial images. These adversarial examples are found using differential evolution to perform the one-pixel modification to the images in the dataset. The results indicate that a minor one-pixel modification of a whole slide image under analysis can affect the diagnosis by reversing the automatic diagnosis result. The attack poses a threat from the cyber security perspective: the one-pixel method can be used as an attack vector by a motivated attacker.