Longitudinal Mammogram Exam-based Breast Cancer Diagnosis Models: Vulnerability to Adversarial Attacks
This work addresses a critical security gap in medical AI systems for breast cancer diagnosis, highlighting vulnerabilities that could impact patient safety, though it is incremental as it builds on existing adversarial attack research.
The study tackled the vulnerability of longitudinal mammogram-based breast cancer diagnosis models to adversarial attacks by proposing a novel attack method that exploits feature-level relationships between sequential exams, achieving significant efficacy in fooling models to give opposite outputs, even when models were adversarially trained.
In breast cancer detection and diagnosis, the longitudinal analysis of mammogram images is crucial. Contemporary models excel in detecting temporal imaging feature changes, thus enhancing the learning process over sequential imaging exams. Yet, the resilience of these longitudinal models against adversarial attacks remains underexplored. In this study, we proposed a novel attack method that capitalizes on the feature-level relationship between two sequential mammogram exams of a longitudinal model, guided by both cross-entropy loss and distance metric learning, to achieve significant attack efficacy, as implemented using attack transferring in a black-box attacking manner. We performed experiments on a cohort of 590 breast cancer patients (each has two sequential mammogram exams) in a case-control setting. Results showed that our proposed method surpassed several state-of-the-art adversarial attacks in fooling the diagnosis models to give opposite outputs. Our method remained effective even if the model was trained with the common defending method of adversarial training.