19th AIAI 2023, 14 - 17 June 2023, León, Spain

Pre-trained Model Robustness against GAN-based Poisoning Attack in Medical Imaging Analysis

Pakpoom Singkorapoom, Suronapee Phoomvuthisarn


  Deep learning is transforming healthcare, particularly medical image classification, where publicly available architectures and transfer learning from pre-trained models account for much of the analysis performance. These models are, however, vulnerable to adversarial attacks because their behaviour is determined entirely by learned parameters, and their lack of explainability makes it hard to identify and remedy the root cause once a model has been attacked. Given the growing use of pre-trained models in life-critical domains such as healthcare, testing their robustness against attacks is essential. Evasion and poisoning attacks are the two principal attack types; poisoning attacks admit a wider range of methods for generating poison samples, which makes testing model robustness against them more critical than testing against evasion attacks. Poisoning attacks also do not require the attacker to have complete knowledge of the model in order to corrupt it, making them more likely to occur in the real world. This paper evaluates the robustness of well-known pre-trained models, trained as binary classifiers, under a poisonous-label attack. The attack uses GANs to generate mislabeled fake images and feeds these poison samples to the model in a black-box manner; robustness is quantified as the degradation in classification metrics. We found that the ConvNeXt architecture is the most robust against this type of attack, suggesting that transformer-inspired architectural design can be used to build more robust deep-learning models.

Title, author list and abstract as in the camera-ready version of the paper provided to the conference committee; small changes made during processing by Springer may not be reflected here.
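The poisonous-label attack and the robustness measure described in the abstract, reduced to a constructed simulation. This is an added example, not the authors' code or experimental setup: a logistic-regression classifier on 2-D feature vectors stands in for a pre-trained image model, a Gaussian sampler stands in for the GAN that produces plausible but mislabeled samples, the attacker is black-box in that it only appends labeled samples to the training pool and never reads the model, and robustness is reported as the drop in accuracy, precision, recall and F1 on a clean test set. The cluster means, standard deviations, sample counts, learning rate and the poison distribution are all assumptions chosen for the illustration.

```python
"""Added example: measuring a binary classifier's robustness to label poisoning.

Constructed simulation, not the paper's code.  A logistic-regression
classifier on 2-D feature vectors stands in for a pre-trained image model,
and a Gaussian sampler stands in for the GAN that produces plausible but
mislabeled samples.  The attacker is black-box: it never reads the model,
it only adds labeled samples to the training pool.
"""
import math
import random
from dataclasses import dataclass


@dataclass
class Metrics:
    accuracy: float
    precision: float
    recall: float
    f1: float


def make_cluster(rng, mean, std, n, label):
    """n Gaussian samples around `mean` (constructed stand-in for images of one class)."""
    return [((rng.gauss(mean[0], std), rng.gauss(mean[1], std)), label) for _ in range(n)]


def _sigmoid(z):
    # Numerically stable logistic function.
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


def train_logreg(data, lr=0.3, epochs=500):
    """Full-batch gradient descent on the logistic loss; returns (w1, w2, b)."""
    w1 = w2 = b = 0.0
    n = len(data)
    for _ in range(epochs):
        g1 = g2 = gb = 0.0
        for (x1, x2), y in data:
            err = _sigmoid(w1 * x1 + w2 * x2 + b) - y
            g1 += err * x1
            g2 += err * x2
            gb += err
        w1 -= lr * g1 / n
        w2 -= lr * g2 / n
        b -= lr * gb / n
    return w1, w2, b


def predict(model, x):
    w1, w2, b = model
    return 1 if _sigmoid(w1 * x[0] + w2 * x[1] + b) >= 0.5 else 0


def evaluate(model, data):
    """Accuracy, precision, recall and F1 for the positive class (label 1)."""
    tp = tn = fp = fn = 0
    for x, y in data:
        p = predict(model, x)
        if p == 1 and y == 1:
            tp += 1
        elif p == 0 and y == 0:
            tn += 1
        elif p == 1 and y == 0:
            fp += 1
        else:
            fn += 1
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return Metrics((tp + tn) / len(data), precision, recall, f1)


def poison_samples(rng, n, wrong_label):
    """Stand-in for the GAN (assumption): fakes that resemble class 1, placed
    between its cluster and the decision boundary, but carrying the wrong label."""
    return make_cluster(rng, (1.0, 1.0), 0.5, n, wrong_label)


def robustness_report(seed=0, n_per_class=200, n_poison=200):
    """Train clean and poisoned models on the same data; return both metric
    sets and the per-metric degradation (clean minus poisoned)."""
    rng = random.Random(seed)
    train = (make_cluster(rng, (-2.0, -2.0), 1.0, n_per_class, 0)
             + make_cluster(rng, (2.0, 2.0), 1.0, n_per_class, 1))
    test = (make_cluster(rng, (-2.0, -2.0), 1.0, n_per_class, 0)
            + make_cluster(rng, (2.0, 2.0), 1.0, n_per_class, 1))
    clean = evaluate(train_logreg(train), test)
    # Black-box poisoning: the attacker only appends mislabeled fakes to the pool.
    poisoned = evaluate(train_logreg(train + poison_samples(rng, n_poison, 0)), test)
    degradation = {k: getattr(clean, k) - getattr(poisoned, k)
                   for k in ("accuracy", "precision", "recall", "f1")}
    return clean, poisoned, degradation


if __name__ == "__main__":
    clean, poisoned, degradation = robustness_report()
    print("clean   :", clean)
    print("poisoned:", poisoned)
    print("drop    :", degradation)
```

Running the script prints the clean metrics, the poisoned metrics and the drop. Because the fakes push the decision boundary toward the positive class, precision barely moves while recall and F1 fall, so a robustness evaluation that tracks a single metric can understate the damage; the report therefore keeps all four, as the abstract's "classification metrics" implies.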