计算机科学 ›› 2022, Vol. 49 ›› Issue (12): 340-345.doi: 10.11896/jsjkx.220500185

• 信息安全 • 上一篇    下一篇

一种面向脑疾病诊断的图卷积网络对抗攻击方法

王晓明, 温旭云, 徐梦婷, 张道强   

  1. 南京航空航天大学计算机科学与技术学院 南京211111
  • 收稿日期:2022-05-20 修回日期:2022-08-27 发布日期:2022-12-14
  • 通讯作者: 张道强(dqzhang@nuaa.edu.cn)
  • 作者简介:(leowxm@nuaa.edu.cn)
  • 基金资助:
    国家自然科学基金(62136004,61876082,61732006);中央高校基本科研业务费专项资金(3082020NZ2020018)

Graph Convolutional Network Adversarial Attack Method for Brain Disease Diagnosis

WANG Xiao-ming, WEN Xu-yun, XU Meng-ting, ZHANG Dao-qiang   

  1. College of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 211111,China
  • Received:2022-05-20 Revised:2022-08-27 Published:2022-12-14
  • About author:WANG Xiao-ming,born in 1999,master,is a member of China Association of Artificial Intelligence.His main research interests include brain functional connectivity networks analysis and machine learning.ZHANG Dao-qiang,born in 1978,Ph.D,professor,Ph.D supervisor,is a member of China Computer Federation.His main research interests include machine learning,pattern recognition,data mi-ning and medical image analysis.
  • Supported by:
    National Natural Science Foundation of China(62136004,61876082,61732006) and Fundamental Research Funds for the Central Universities(3082020NZ2020018 ).

摘要: 近年来,利用静息态功能磁共振成像的脑功能网络分析已被广泛应用于各类脑疾病的计算机辅助诊断任务中。结合临床表型测量与脑功能网络构建的图卷积神经网络框架,提高了智能医学疾病诊断模型对现实世界的适用性。但是,基于脑功能网络的疾病诊断模型的可信度研究是一个重要但仍被广泛忽视的部分。对抗攻击技术在医疗机器学习中对模型的“欺骗”进一步引发了模型应用于临床实际中的安全与信任问题。基于此,在这项工作中,首次提出了一种面向脑疾病诊断的图卷积网络对抗攻击方法BFGCNattack,结合临床表型测量构建了疾病诊断模型,探索评估了智能诊断模型在面临对抗攻击时的鲁棒性。在自闭症脑成像数据集上的实验结果表明,使用图卷积网络构建的诊断模型在面临提出的对抗攻击时是脆弱的,即使只执行少量(10%)的扰动,模型的准确率和分类裕度均显著下降,同时愚弄率也显著提高。

关键词: 对抗攻击方法, 脑疾病诊断, 图卷积网络, 脑功能网络分析, 模型鲁棒性

Abstract: In recent years,brain functional networks analysis using the resting state functional magnetic resonance imaging data has been widely used in computer-aided diagnosis tasks of various brain diseases.The graph convolutional network framework integrating clinical phenotypic measurements and brain functional networks improves the applicability of intelligent medical disease diagnosis models to the real world.However,the trustworthiness study is an important but still widely neglected component of disease diagnosis models based on brain functional networks.Adversarial attack techniques in medical machine learning can deceive models,which further leads to the security and trust issues of the model applied in clinical practice.Based on this,this paper proposes an adversarial attack method BFGCNattack on graph convolutional network for brain disease diagnosis,constructs a disease diagnosis model integrating clinical phenotypic measurements,and evaluates the robustness of brain functional networks-based disease diagnosis model in the face of adversarial attacks.Experimental results on the autism brain imaging data exchange dataset suggest that the models constructed using graph convolutional networks are vulnerable to the proposed adversarial attack.Even if only a small number(10%) of perturbations are performed,the model’s accuracy and classification margin significantly decrease,while the fooling rate significantly increases.

Key words: Adversarial attack method, Brain disease diagnosis, Graph convolutional network, Brain functional networks analysis, Model robustness

中图分类号: 

  • TP181
[1]FINN E S,ROSENBERG M D.Beyond fingerprinting:Choosing predictive connectomes over reliable connectomes[J].Neuro-Image,2021,239:118254.
[2]SHEN X L,FINN E S,SCHEINOST D,et al.Using connectome-based predictive modeling to predict individual behavior from brain connectivity[J].Nature Protocols,2017,12(3):506-518.
[3]SONG H,FINN E S,ROSENBERG M D.Neural signatures of attentional engagement during narratives and its consequences for event memory[C]//Proceedings of the National Academy of Sciences.2021.
[4]DU Y H,FU Z,CALHOUN V D.Classification and prediction of brain disorders using functional connectivity:promising but challenging[J/OL].https://www.frontiersin.org/articles/10.3389/fnins.2018.00525/full.
[5]ZHANG D Q,HUANG J S,JIE B,et al.Ordinal pattern:A new descriptor for brain connectivity networks[J].IEEE Transactions on Medical Imaging,2018,37(7):1711-1722.
[6]GAN J Z,PENG Z W,ZHU X F,et al.Brain functional connectivity analysis based on multi-graph fusion[J/OL].https://www.sciencedirect.com/science/article/abs/pii/S1361841521001031.
[7]BENKARIM O,PAQUOLA C,PARK B,et al.The cost of untracked diversity in brain-imaging prediction[J/OL]. https://www.biorxiv.org/content/10.1101/2021.06.16.448764v1.
[8]SZEGEDY C,ZAREMBA W,SUTSKEVER I,et al.Intriguing properties of neural networks[J].arXiv:1312.6199,2013.
[9]DEMONTIS A,MELIS M,BIGGIO B,et al.Yes,machine lear-ning can be more secure! a case study on android malware detection[J].IEEE Transactions on Dependable and Secure Computing,2017,16(4):711-724.
[10]GOODFELLOW I J,SHLENS J,SZEGEDY C.Explaining and harnessing adversarial examples[J].arXiv:1412.6572,2014.
[11]FINLAYSON S G,BOWERS J D,ITO J,et al.Adversarial attacks on medical machine learning[J].Science,2019,363(6433):1287-1289.
[12]DI MARTINO A,YAN C G,LI Q,et al.The autism brain imaging data exchange:towards a large-scale evaluation of the intrinsic brain architecture in autism[J].Molecular psychiatry,2014,19(6):659-667.
[13]SUN L C,DOU Y T,YANG C,et al.Adversarial attack and defense on graph data:A survey[J].arXiv:1812.10528,2018.
[14]XU K D,CHEN H G,LIU S J,et al.Topology attack and defense for graph neural networks:An optimization perspective[J].arXiv:1906.04214,2019.
[15]DOU Y T,MA G X,YU P S,et al.Robust spammer detection by nash reinforcement learning[C]//Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Disco-very & Data Mining.2020:924-933.
[16]WANG X Y,CHENG M H,EATON J,et al.Attack graph convolutional networks by adding fake nodes[J].arXiv:1810.10751,2018.
[17]ZÜGNER D,AKBARNEJAD A,GÜNNEMANN S.Adversarial attacks on neural networks for graph data[C]//Proceedings of the 24th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining.2018:2847-2856.
[18]CHEN J Y,CHEN L H,CHEN Y X,et al.GA-based Q-attack on community detection[J].IEEE Transactions on Computational Social Systems,2019,6(3):491-503.
[19]BOJCHEVSKI A,GÜNNEMANN S.Adversarial attacks onnode embeddings via graph poisoning[C]//InternationalConfe-rence on Machine Learning.PMLR,2019:695-704.
[20]CHEN Y Z,NADJI Y,KOUNTOURAS A,et al.Practical attacks against graph-based clustering[C]//Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security.2017:1125-1142.
[21]FENG F L,HE X N,TANG J,et al.Graph adversarial training:Dynamically regularizing based on graph structure[J].IEEE Transactions on Knowledge and Data Engineering,2019,33(6):2493-2504.
[22]BETZEL R F,BASSETT D S.Multi-scale brain networks[J].Neuroimage,2017,160:73-83.
[23]GREICIUS M D,KRASNOW B,REISS A L,et al.Functional connectivity in the resting brain:a network analysis of the default mode hypothesis[C]//Proceedings of the National Academy of Sciences.2003:253-258.
[24]KTENA S I,PARISOT S,FERRANTE E,et al.Metric learning with spectral graph convolutions on brain connectivity networks[J].NeuroImage,2018,169:431-442.
[25]PARISOT S,KTENA S I,FERRANTE E,et al.Disease prediction using graph convolutional networks:application to autism spectrum disorder and Alzheimer’s disease[J].Medical Image Analysis,2018,48:117-130.
[26]DEFFERRARD M,BRESSON X,VANDERGHEYNST P.Convolutional neural networks on graphs with fast localized spectral filtering[J].Advances in Neural Information Processing Systems,2016,29:3844-3852.
[27]KIPF T N,WELLING M.Semi-supervised classification withgraph convolutional networks[J].arXiv:1609.02907,2016.
[1] 汪鸣, 彭舰, 黄飞虎.
基于多时间尺度时空图网络的交通流量预测模型
Multi-time Scale Spatial-Temporal Graph Neural Network for Traffic Flow Prediction
计算机科学, 2022, 49(8): 40-48. https://doi.org/10.11896/jsjkx.220100188
[2] 周慧, 施皓晨, 屠要峰, 黄圣君.
基于主动采样的深度鲁棒神经网络学习
Robust Deep Neural Network Learning Based on Active Sampling
计算机科学, 2022, 49(7): 164-169. https://doi.org/10.11896/jsjkx.210600044
[3] 李健智, 王红玲, 王中卿.
基于图卷积网络的专利摘要自动生成研究
Automatic Generation of Patent Summarization Based on Graph Convolution Network
计算机科学, 2022, 49(6A): 172-177. https://doi.org/10.11896/jsjkx.210400117
[4] 赵小虎, 叶圣, 李晓.
多算法融合的骨骼重建信息动作分类方法
Multi-algorithm Fusion Behavior Classification Method for Body Bone Information Reconstruction
计算机科学, 2022, 49(6): 269-275. https://doi.org/10.11896/jsjkx.210500070
[5] 周海榆, 张道强.
面向多中心数据的超图卷积神经网络及应用
Multi-site Hyper-graph Convolutional Neural Networks and Application
计算机科学, 2022, 49(3): 129-133. https://doi.org/10.11896/jsjkx.201100152
[6] 潘志豪, 曾碧, 廖文雄, 魏鹏飞, 文松.
基于交互注意力图卷积网络的方面情感分类
Interactive Attention Graph Convolutional Networks for Aspect-based Sentiment Classification
计算机科学, 2022, 49(3): 294-300. https://doi.org/10.11896/jsjkx.210100180
[7] 解宇, 杨瑞玲, 刘公绪, 李德玉, 王文剑.
基于动态拓扑图的人体骨架动作识别算法
Human Skeleton Action Recognition Algorithm Based on Dynamic Topological Graph
计算机科学, 2022, 49(2): 62-68. https://doi.org/10.11896/jsjkx.210900059
[8] 董夏磊, 项正龙, 吴泓润, 汪鼎文, 李元香.
基于开发者多元特征的软件缺陷自动分派方法
Automatic Assignment Method for Software Bug Based on Multivariate Features of Developers
计算机科学, 2022, 49(12): 81-88. https://doi.org/10.11896/jsjkx.211100040
[9] 张斌, 刘长红, 曾胜, 揭安全.
基于时空图卷积网络的语音驱动个人风格手势生成方法
Speech-driven Personal Style Gesture Generation Method Based on Spatio-Temporal GraphConvolutional Networks
计算机科学, 2022, 49(11A): 210900094-5. https://doi.org/10.11896/jsjkx.210900094
[10] 肖正业, 林世铨, 万修安, 方昱春, 倪兰.
基于时序信息对齐的连续手语跨模态知识蒸馏
Temporal Relation Guided Knowledge Distillation for Continuous Sign Language Recognition
计算机科学, 2022, 49(11): 156-162. https://doi.org/10.11896/jsjkx.220600036
[11] 宋龙泽, 万怀宇, 郭晟楠, 林友芳.
面向出租车空载时间预测的多任务时空图卷积网络
Multi-task Spatial-Temporal Graph Convolutional Network for Taxi Idle Time Prediction
计算机科学, 2021, 48(7): 112-117. https://doi.org/10.11896/jsjkx.201000089
[12] 程思伟, 葛唯益, 王羽, 徐建.
BGCN:基于BERT和图卷积网络的触发词检测
BGCN:Trigger Detection Based on BERT and Graph Convolution Network
计算机科学, 2021, 48(7): 292-298. https://doi.org/10.11896/jsjkx.200500133
[13] 宋元隆, 吕光宏, 王桂芝, 贾吾财.
基于图卷积神经网络的SDN网络流量预测
SDN Traffic Prediction Based on Graph Convolutional Network
计算机科学, 2021, 48(6A): 392-397. https://doi.org/10.11896/jsjkx.200800090
[14] 吕明琪, 洪照雄, 陈铁明.
一种融合时空关联与社会事件的交通流预测方法
Traffic Flow Forecasting Method Combining Spatio-Temporal Correlations and Social Events
计算机科学, 2021, 48(2): 264-270. https://doi.org/10.11896/jsjkx.200300098
[15] 叶松涛, 周扬正, 范红杰, 陈正雷.
融合因果关系和时空图卷积网络的人体动作识别
Joint Learning of Causality and Spatio-Temporal Graph Convolutional Network for Skeleton- based Action Recognition
计算机科学, 2021, 48(11A): 130-135. https://doi.org/10.11896/jsjkx.201200205
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!