Mitigating adversarial attacks on medical imaging understanding systems

Authors

Rahul Paul
Dmitry Goldgof
Lawrence Hall
Matthew Schabath
Robert Gillies

Document Type

Article

Publication Date

September 2023

Patent Number

11763450

CPC

G06T 7/0012, G16H 30/20, G06F 16/55, G06F 21/566

Abstract

The present disclosure describes a multi-initialization ensemble-based defense strategy against an adversarial attack. In one embodiment, an exemplary method includes training a plurality of conventional neural networks (CNNs) with a training set of images, wherein the images include original images and images modified by an adversarial attack; after training of the plurality of conventional neural networks, providing an input image to the plurality of conventional neural networks, wherein the input image has been modified by an adversarial attack; receiving a probability output for the input image from each of the plurality of conventional neural networks; producing an ensemble probability output for the input image by combining the probability outputs from each of the plurality of conventional neural networks; and labeling the input image as belonging to one of the one or more categories based on the ensemble probability output.

Application Number

17/099372

Recommended Citation

Paul, Rahul; Goldgof, Dmitry; Hall, Lawrence; Schabath, Matthew; and Gillies, Robert, "Mitigating adversarial attacks on medical imaging understanding systems" (2023). USF Patents. 1353.
https://digitalcommons.usf.edu/usf_patents/1353

Assignees

UNIVERSITY OF SOUTH FLORIDA

Filing Date

11/16/2020