Medical Image Classification Attack Based on Texture Manipulation

Yunrui Gu; Cong Kong; Zhaoxia Yin; Yan Wang; Qingli Li

doi:10.1007/978-3-031-78198-8_3

Medical Image Classification Attack Based on Texture Manipulation

Yunrui Gu
, Cong Kong
, Zhaoxia Yin^*
, Yan Wang
, Qingli Li

^*Corresponding author for this work

School of Communication and Electronic Engineering

East China Normal University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

The security of artificial intelligence systems has received great attention, especially in the field of smart medical diagnosis in over the past few years. In order to enhance the security of smart medical systems, it is important to study adversarial attack methods to increase defense performance, and the central aspect of adversarial attacks lies in crafting effective strategies that can integrate covert malicious behaviors within the system. However, due to the diversity of medical imaging modes and dimensions, creating a unified attack approach that produces imperceptible examples with high content similarity and applies them across various medical image classification systems presents significant challenges. Most existing attack methods aim at attacking natural image classification models, which inevitably add global noise to the image and make the attack more visible, simultaneously does not taking into account that medical image classification task considers texture information more. To address this issue, we propose a new adversarial attack method based on changing texture information that utilizes the CycleGAN approach, while also incorporating AdvGAN to ensure the attack success rate. Our method can provide attacks in various medical image classification tasks. Our experiment includes two public medical image datasets, including chest X-Ray image dataset and melanoma dermoscopy dataset, which contain different imaging modes and dimensions. The results indicate that our model has superior performance in attacking medical image classification tasks in different imaging modes and dimensions compared to other state-of-the-art adversarial attack methods.

Original language	English
Title of host publication	Pattern Recognition - 27th International Conference, ICPR 2024, Proceedings
Editors	Apostolos Antonacopoulos, Subhasis Chaudhuri, Rama Chellappa, Cheng-Lin Liu, Saumik Bhattacharya, Umapada Pal
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	33-48
Number of pages	16
ISBN (Print)	9783031781971
DOIs	https://doi.org/10.1007/978-3-031-78198-8_3
State	Published - 2025
Event	27th International Conference on Pattern Recognition, ICPR 2024 - Kolkata, India Duration: 1 Dec 2024 → 5 Dec 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	15312 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	27th International Conference on Pattern Recognition, ICPR 2024
Country/Territory	India
City	Kolkata
Period	1/12/24 → 5/12/24

Keywords

Adversarial attack
Medical diagnosis
Texture

Access to Document

10.1007/978-3-031-78198-8_3

Cite this

Gu, Y., Kong, C., Yin, Z., Wang, Y., & Li, Q. (2025). Medical Image Classification Attack Based on Texture Manipulation. In A. Antonacopoulos, S. Chaudhuri, R. Chellappa, C.-L. Liu, S. Bhattacharya, & U. Pal (Eds.), Pattern Recognition - 27th International Conference, ICPR 2024, Proceedings (pp. 33-48). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15312 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-78198-8_3

Gu, Yunrui ; Kong, Cong ; Yin, Zhaoxia et al. / Medical Image Classification Attack Based on Texture Manipulation. Pattern Recognition - 27th International Conference, ICPR 2024, Proceedings. editor / Apostolos Antonacopoulos ; Subhasis Chaudhuri ; Rama Chellappa ; Cheng-Lin Liu ; Saumik Bhattacharya ; Umapada Pal. Springer Science and Business Media Deutschland GmbH, 2025. pp. 33-48 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{50298df72374465f8e54c33ff35c6c22,

title = "Medical Image Classification Attack Based on Texture Manipulation",

abstract = "The security of artificial intelligence systems has received great attention, especially in the field of smart medical diagnosis in over the past few years. In order to enhance the security of smart medical systems, it is important to study adversarial attack methods to increase defense performance, and the central aspect of adversarial attacks lies in crafting effective strategies that can integrate covert malicious behaviors within the system. However, due to the diversity of medical imaging modes and dimensions, creating a unified attack approach that produces imperceptible examples with high content similarity and applies them across various medical image classification systems presents significant challenges. Most existing attack methods aim at attacking natural image classification models, which inevitably add global noise to the image and make the attack more visible, simultaneously does not taking into account that medical image classification task considers texture information more. To address this issue, we propose a new adversarial attack method based on changing texture information that utilizes the CycleGAN approach, while also incorporating AdvGAN to ensure the attack success rate. Our method can provide attacks in various medical image classification tasks. Our experiment includes two public medical image datasets, including chest X-Ray image dataset and melanoma dermoscopy dataset, which contain different imaging modes and dimensions. The results indicate that our model has superior performance in attacking medical image classification tasks in different imaging modes and dimensions compared to other state-of-the-art adversarial attack methods.",

keywords = "Adversarial attack, Medical diagnosis, Texture",

author = "Yunrui Gu and Cong Kong and Zhaoxia Yin and Yan Wang and Qingli Li",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 27th International Conference on Pattern Recognition, ICPR 2024 ; Conference date: 01-12-2024 Through 05-12-2024",

year = "2025",

doi = "10.1007/978-3-031-78198-8\_3",

language = "英语",

isbn = "9783031781971",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "33--48",

editor = "Apostolos Antonacopoulos and Subhasis Chaudhuri and Rama Chellappa and Cheng-Lin Liu and Saumik Bhattacharya and Umapada Pal",

booktitle = "Pattern Recognition - 27th International Conference, ICPR 2024, Proceedings",

address = "德国",

}

Gu, Y, Kong, C, Yin, Z , Wang, Y & Li, Q 2025, Medical Image Classification Attack Based on Texture Manipulation. in A Antonacopoulos, S Chaudhuri, R Chellappa, C-L Liu, S Bhattacharya & U Pal (eds), Pattern Recognition - 27th International Conference, ICPR 2024, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 15312 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 33-48, 27th International Conference on Pattern Recognition, ICPR 2024, Kolkata, India, 1/12/24. https://doi.org/10.1007/978-3-031-78198-8_3

Medical Image Classification Attack Based on Texture Manipulation. / Gu, Yunrui; Kong, Cong; Yin, Zhaoxia et al.
Pattern Recognition - 27th International Conference, ICPR 2024, Proceedings. ed. / Apostolos Antonacopoulos; Subhasis Chaudhuri; Rama Chellappa; Cheng-Lin Liu; Saumik Bhattacharya; Umapada Pal. Springer Science and Business Media Deutschland GmbH, 2025. p. 33-48 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15312 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Medical Image Classification Attack Based on Texture Manipulation

AU - Gu, Yunrui

AU - Kong, Cong

AU - Yin, Zhaoxia

AU - Wang, Yan

AU - Li, Qingli

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025

Y1 - 2025

N2 - The security of artificial intelligence systems has received great attention, especially in the field of smart medical diagnosis in over the past few years. In order to enhance the security of smart medical systems, it is important to study adversarial attack methods to increase defense performance, and the central aspect of adversarial attacks lies in crafting effective strategies that can integrate covert malicious behaviors within the system. However, due to the diversity of medical imaging modes and dimensions, creating a unified attack approach that produces imperceptible examples with high content similarity and applies them across various medical image classification systems presents significant challenges. Most existing attack methods aim at attacking natural image classification models, which inevitably add global noise to the image and make the attack more visible, simultaneously does not taking into account that medical image classification task considers texture information more. To address this issue, we propose a new adversarial attack method based on changing texture information that utilizes the CycleGAN approach, while also incorporating AdvGAN to ensure the attack success rate. Our method can provide attacks in various medical image classification tasks. Our experiment includes two public medical image datasets, including chest X-Ray image dataset and melanoma dermoscopy dataset, which contain different imaging modes and dimensions. The results indicate that our model has superior performance in attacking medical image classification tasks in different imaging modes and dimensions compared to other state-of-the-art adversarial attack methods.

AB - The security of artificial intelligence systems has received great attention, especially in the field of smart medical diagnosis in over the past few years. In order to enhance the security of smart medical systems, it is important to study adversarial attack methods to increase defense performance, and the central aspect of adversarial attacks lies in crafting effective strategies that can integrate covert malicious behaviors within the system. However, due to the diversity of medical imaging modes and dimensions, creating a unified attack approach that produces imperceptible examples with high content similarity and applies them across various medical image classification systems presents significant challenges. Most existing attack methods aim at attacking natural image classification models, which inevitably add global noise to the image and make the attack more visible, simultaneously does not taking into account that medical image classification task considers texture information more. To address this issue, we propose a new adversarial attack method based on changing texture information that utilizes the CycleGAN approach, while also incorporating AdvGAN to ensure the attack success rate. Our method can provide attacks in various medical image classification tasks. Our experiment includes two public medical image datasets, including chest X-Ray image dataset and melanoma dermoscopy dataset, which contain different imaging modes and dimensions. The results indicate that our model has superior performance in attacking medical image classification tasks in different imaging modes and dimensions compared to other state-of-the-art adversarial attack methods.

KW - Adversarial attack

KW - Medical diagnosis

KW - Texture

UR - https://www.scopus.com/pages/publications/85212308340

U2 - 10.1007/978-3-031-78198-8_3

DO - 10.1007/978-3-031-78198-8_3

M3 - 会议稿件

AN - SCOPUS:85212308340

SN - 9783031781971

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 33

EP - 48

BT - Pattern Recognition - 27th International Conference, ICPR 2024, Proceedings

A2 - Antonacopoulos, Apostolos

A2 - Chaudhuri, Subhasis

A2 - Chellappa, Rama

A2 - Liu, Cheng-Lin

A2 - Bhattacharya, Saumik

A2 - Pal, Umapada

PB - Springer Science and Business Media Deutschland GmbH

T2 - 27th International Conference on Pattern Recognition, ICPR 2024

Y2 - 1 December 2024 through 5 December 2024

ER -

Gu Y, Kong C, Yin Z , Wang Y , Li Q. Medical Image Classification Attack Based on Texture Manipulation. In Antonacopoulos A, Chaudhuri S, Chellappa R, Liu CL, Bhattacharya S, Pal U, editors, Pattern Recognition - 27th International Conference, ICPR 2024, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 33-48. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-031-78198-8_3

Medical Image Classification Attack Based on Texture Manipulation

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this