{"title":"Adversarial robust image processing in medical digital twin","authors":"Samaneh Shamshiri , Huaping Liu , Insoo Sohn","doi":"10.1016/j.inffus.2024.102728","DOIUrl":null,"url":null,"abstract":"<div><div>Recent advancements in state-of-the-art technologies, including Artificial Intelligence (AI), Internet of Things (IoT), and cloud computing, have led to the emergence of an innovative technology known as digital twins (DTs). A digital twin is a virtual replica of the physical entity, with data connections in between. This technology has proven highly effective in several industries by improving decision-making and operational efficiency. In critical areas like healthcare, digital twins are increasingly being used to address the limitations of conventional approaches by creating virtual simulations of hospitals, medical equipment, patients, or even individual organs. These medical digital twins (MDT) revolutionize the healthcare industry by offering advanced solutions to enhance treatment outcomes and overall patient care. However, these systems are challenging because of the security and critical issues involved. Therefore, despite their achievements, the numerous security threats make it crucial to address the security challenges of digital twin technology. Given the lack of research on attacks targeting MDT functionalities, we concentrated on a specific cyber threat called adversarial attacks. Adversarial attacks exploit the model’s performance by introducing small, carefully crafted perturbations to manipulate the input data. To assess the vulnerability of medical digital twins to such attacks, we carried out a proof-of-concept study. Using image processing techniques and an artificial neural network model, we created a digital twin to diagnose breast cancer through thermography images. Then, we employed this digital twin to initiate an adversarial attack. For this purpose, we inserted adversarial perturbation as input to the trained model. Our results demonstrated the vulnerability of the digital twin model to adversarial attacks. To tackle this problem, we implemented an innovative modification to the digital twin’s architecture to enhance its robustness against various attacks. We proposed a novel defense method that fuses wavelet denoising and adversarial training, substantially strengthening the model’s resilience to adversarial attacks. Furthermore, the proposed digital twin is evaluated using a dataset of diabetic foot ulcers. To the best of our knowledge, it is the first defense method that makes the medical digital twin significantly robust against adversarial attacks.</div></div>","PeriodicalId":50367,"journal":{"name":"Information Fusion","volume":"115 ","pages":"Article 102728"},"PeriodicalIF":14.7000,"publicationDate":"2024-10-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Fusion","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1566253524005062","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 0
Abstract
Recent advancements in state-of-the-art technologies, including Artificial Intelligence (AI), Internet of Things (IoT), and cloud computing, have led to the emergence of an innovative technology known as digital twins (DTs). A digital twin is a virtual replica of the physical entity, with data connections in between. This technology has proven highly effective in several industries by improving decision-making and operational efficiency. In critical areas like healthcare, digital twins are increasingly being used to address the limitations of conventional approaches by creating virtual simulations of hospitals, medical equipment, patients, or even individual organs. These medical digital twins (MDT) revolutionize the healthcare industry by offering advanced solutions to enhance treatment outcomes and overall patient care. However, these systems are challenging because of the security and critical issues involved. Therefore, despite their achievements, the numerous security threats make it crucial to address the security challenges of digital twin technology. Given the lack of research on attacks targeting MDT functionalities, we concentrated on a specific cyber threat called adversarial attacks. Adversarial attacks exploit the model’s performance by introducing small, carefully crafted perturbations to manipulate the input data. To assess the vulnerability of medical digital twins to such attacks, we carried out a proof-of-concept study. Using image processing techniques and an artificial neural network model, we created a digital twin to diagnose breast cancer through thermography images. Then, we employed this digital twin to initiate an adversarial attack. For this purpose, we inserted adversarial perturbation as input to the trained model. Our results demonstrated the vulnerability of the digital twin model to adversarial attacks. To tackle this problem, we implemented an innovative modification to the digital twin’s architecture to enhance its robustness against various attacks. We proposed a novel defense method that fuses wavelet denoising and adversarial training, substantially strengthening the model’s resilience to adversarial attacks. Furthermore, the proposed digital twin is evaluated using a dataset of diabetic foot ulcers. To the best of our knowledge, it is the first defense method that makes the medical digital twin significantly robust against adversarial attacks.
期刊介绍:
Information Fusion serves as a central platform for showcasing advancements in multi-sensor, multi-source, multi-process information fusion, fostering collaboration among diverse disciplines driving its progress. It is the leading outlet for sharing research and development in this field, focusing on architectures, algorithms, and applications. Papers dealing with fundamental theoretical analyses as well as those demonstrating their application to real-world problems will be welcome.