The answer here is that you cannot. Medical imaging is a very complex problem and there are many ways of altering the data without changing its meaning. For example:
- Adding noise (or other artefacts) to an image will not change its meaning because it’s already noisy.
- Adding contrast or brightness may also not be enough. If the original image was dark, then increasing the brightness might make it look like something else entirely.
- Altering the shape of an object by stretching it out or shrinking it down will not change its meaning either.
In short, if someone has access to your medical images, they have full control over them. They could alter their appearance so much that you would never know what the original looked like.
What about the case where the adversary does not have access to the patient’s medical images but only has access to the results of the examination?
In this case, the adversary can still manipulate the data. However, the manipulations must be subtle. The adversary must try to fool the machine learning algorithm as well as the human doctors who read the images.
For example, if the adversary adds some noise to the images, then the algorithm should detect it. But if the adversary simply increases the brightness of all pixels, then the algorithm won’t notice anything wrong with the image.
If the adversary tries to stretch the objects in the images, then the doctor reading the image will see that the object looks stretched. But if the adversary just makes the object bigger, then the doctor won’t notice anything suspicious.
If the adversary alters the shape of the objects, then the doctor will notice that the object is distorted. But if the adversary changes the colour of the objects, then no one will notice anything strange.
Is it possible for the adversary to use my own medical images as training data?
Yes, it’s definitely possible. In fact, this is how most AI algorithms work. They train on large amounts of labelled data before using it to classify new data.
But even if the adversary uses your own medical images as training examples, he/she will likely not get good results. This is because the adversary doesn’t understand the underlying concepts that the machine learning algorithm relies upon.
It also depends on the type of attack and the kind of information you want to protect.
There are two kinds of attacks:
1. Information leakage:
This is when the attacker gets access to sensitive information about the victim. Examples include financial records, medical records, etc.
2. Adversarial attack:
This is where the attacker modifies the input such that the system produces incorrect output. An example of this is modifying the inputs to fool the facial recognition software.
The first attack is more common than the second. And the reason why is because the first adversarial machine learning attack requires less effort from the adversary. All the adversary needs is a computer and internet connection. He/she can easily gain access to your private information without having to do any extra work.
The second attack is harder to pull off. It involves understanding the inner workings of the system. So, the adversary must spend time studying the system and figuring out how it works.
However, the second attack is more powerful. If the adversary knows how the system works, then he/she can modify the inputs to make the system produce an erroneous result.
How to Protect Yourself From Medical Image Manipulation Attacks
The best way to prevent medical image manipulation attacks is by using multiple layers of security. You need to use both technical and non-technical methods.
These are methods that rely on technology. These include encryption, digital signatures, watermarking, tamper-proofing, etc.
These are methods that don’t rely on technology. These methods include behavioural analysis, social engineering, reputation management, etc.
For example, if you’re using encryption for security, then you should have a key escrow mechanism so that only authorized people can decrypt the encrypted files.
Similarly, if you’re using digital signatures, then you should ensure that the signature keys are stored securely and never shared with anyone else.
How To Use The Internet and Adversarial Machine Learning Safely?
ExterNetworks says – The first thing you need to do is make sure that your computer has a firewall installed and enabled on it.
There are a few ways to protect yourself from adversarial machine learning attacks. Firstly, you should be aware of the risks and know how to identify an adversarial machine learning attack. Secondly, you should only use machine learning models from trusted sources. Finally, you should keep your machine learning models up-to-date with the latest security patches.