Adversarial robustness enhancement in deep learning-based breast cancer classification: A multi-faceted approach to poisoning and Evasion attack mitigation

Deep learning models used in medical image classification continue to be vulnerable to adversarial attacks, particularly in the case of Invasive Ductal Carcinoma (IDC). The proposed attacks will negatively impact the integrity and reliability of the model. This work optimizes Convolutional Neural Networks (CNN) used for IDC classification. A competitive CNN designed and trained on the IDC dataset using Stochastic Gradient Descent with Momentum (SGD) as the optimizer achieved a training accuracy of 99 % and a testing accuracy of 80 %. The paper evaluates the extent to which this model is susceptible to adversarial manipulation, notably Poison and Evasion attacks. The research reveals that poisonous attacks, notably those of the Layer-wise Model Distortion (LMD) framework with feature-space poison injection, resulted in the model achieving an accuracy of 66 %. Evasion attacks using the Fast Gradient Sign Method (FGSM) under the LMD framework led to an accuracy of 92 %. To bridge the discussed gaps, new defense techniques have been proposed and tested using Layer-wise Robustness Enhancement (LRF). Defense techniques involved dynamic layer-wise weighting, leading overall accuracies against poison attacks to surge to 76 %, and adaptive denoising to lead overall accuracies against evasion attacks to 79 %. This study discussed the seminal issue of adversarial manipulation in medical picture classification and how some defenses are justified in the LRF framework to substantially improve the model's resiliency, integrity, and trust.