A multi-layered defense against adversarial attacks in brain tumor classification using ensemble adversarial training and feature squeezing.
Authors
Affiliations (2)
Affiliations (2)
- Computational and Data Science Program, Middle Tennessee State University, 1301 East Main Street, Murfreesboro, TN, 37132, USA.
- Department of Engineering Technology, Middle Tennessee State University, 1301 East Main Street, Murfreesboro, TN, 37132, USA. [email protected].
Abstract
Deep learning, particularly convolutional neural networks (CNNs), has proven valuable for brain tumor classification, aiding diagnostic and therapeutic decisions in medical imaging. Despite their accuracy, these models are vulnerable to adversarial attacks, compromising their reliability in clinical settings. In this research, we utilized a VGG16-based CNN model to classify brain tumors, achieving 96% accuracy on clean magnetic resonance imaging (MRI) data. To assess robustness, we exposed the model to Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) attacks, which reduced accuracy to 32% and 13%, respectively. We then applied a multi-layered defense strategy, including adversarial training with FGSM and PGD examples and feature squeezing techniques such as bit-depth reduction and Gaussian blurring. This approach improved model resilience, achieving 54% accuracy on FGSM and 47% on PGD adversarial examples. Our results highlight the importance of proactive defense strategies for maintaining the reliability of AI in medical imaging under adversarial conditions.