A Dual-Reweighting Defense Strategy Against Data Poisoning Attacks in Medical Image Classification Models.
Authors
Affiliations (2)
- College of Computer, Minnan Normal University, Zhangzhou, Fujian, China.
- College of Computer, Minnan Normal University, Zhangzhou, Fujian, China.
Abstract
With the rapid advancement of deep learning models in disease detection and medical image analysis, concerns regarding their security have become increasingly prominent. In particular, under the threat of data poisoning attacks, malicious actors may tamper with data or model parameters, significantly reduce model performance, and lead to incorrect diagnoses or decisions, thereby posing a serious threat to patients' health and lives. To address this problem, we propose a novel defense scheme named Dweighted that integrates dual weighting with clustering analysis. The scheme comprehensively considers the size of each client's dataset, model parameter differences, and similarity analysis to dynamically adjust the i-th client's weight. Furthermore, it employs principal component analysis (PCA) and K-means clustering to accurately identify and eliminate malicious clients. Experimental results demonstrate that Dweighted significantly enhances the global model's security and robustness against data poisoning attacks while maintaining high classification accuracy. Compared to other baselines, Dweighted achieves an overall accuracy (All Acc) of 94.89% and reduces the attack success rate to 2.43% in the IID setting.