Abstract
Deep and machine learning models have become pivotal in medical image analysis, especially for diagnosing COVID-19 using X-rays and CT scans. While these models, including transfer learning-based approaches, have achieved high accuracy, they remain highly vulnerable to adversarial attacks, which can manipulate input data and cause misclassification, posing critical risks in clinical applications. This study introduces a novel approach to addressing this issue by systematically evaluating the impact of adversarial attacks on COVID-19 diagnosis models built with two leading architectures, VGG-16 and DenseNet-121, using the Fast Gradient Sign Method (FGSM). The FGSM attack causes a dramatic drop in accuracy, reducing VGG-16’s accuracy from 95.12% to 9.97% and DenseNet-121’s from 96.51% to 10.13%. To counter these vulnerabilities, we propose a novel defense mechanism that combines adversarial training with Gaussian noise data augmentation, a dynamic approach that generates perturbations across various epsilon values during the training phase. This innovative method significantly enhances model robustness, restoring accuracy to over 92% on adversarial examples. These findings emphasize the need for strong defense mechanisms in deep learning models for COVID-19 diagnosis, ensuring reliability and security against adversarial threats in clinical environments.
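An added illustration of the attack and defense described in the abstract, not the authors' code: FGSM against a NumPy logistic-regression classifier, then retraining on FGSM batches that cycle through an epsilon grid with Gaussian noise added to the inputs. The constructed data, the linear model, the epsilon grid and every parameter value are assumptions, and this reduced variant trains on perturbed batches only.

```python
import numpy as np

def make_data(n, rng, d_weak=50, eta=0.3, p_strong=0.9):
    """Constructed toy data: one strong feature (+/-1, agrees with the label
    90% of the time) plus 50 weak features that each lean slightly toward it."""
    y = rng.choice([-1.0, 1.0], size=n)
    strong = y * np.where(rng.random(n) < p_strong, 1.0, -1.0)
    weak = eta * y[:, None] + rng.normal(size=(n, d_weak))
    return np.column_stack([strong, weak]), y

def fgsm(X, y, w, eps):
    """FGSM: x_adv = x + eps * sign(dLoss/dx) for logistic loss on y * (x . w)."""
    margin = y * (X @ w)
    grad_x = -(y / (1.0 + np.exp(margin)))[:, None] * w[None, :]
    return X + eps * np.sign(grad_x)

def train(X, y, eps_grid, noise_std, rng, epochs=2000, lr=0.02):
    """Gradient descent on logistic loss. Each epoch adds Gaussian noise to the
    inputs, takes the next epsilon from eps_grid, and fits the FGSM batch."""
    w = np.zeros(X.shape[1])
    for epoch in range(epochs):
        Xn = X + rng.normal(scale=noise_std, size=X.shape)
        Xa = fgsm(Xn, y, w, eps_grid[epoch % len(eps_grid)])
        coef = y / (1.0 + np.exp(y * (Xa @ w)))  # y * sigmoid(-margin)
        w += lr * (coef[:, None] * Xa).mean(axis=0)
    return w

def accuracy(X, y, w):
    return float(np.mean(np.sign(X @ w) == y))

def run_experiment(eval_eps=0.5, seed=0):
    """Return clean and white-box FGSM accuracy for both models."""
    rng = np.random.default_rng(seed)
    Xtr, ytr = make_data(2000, rng)
    Xte, yte = make_data(2000, rng)
    models = {
        # eps grid (0.0,) and zero noise reduce to ordinary training
        "baseline": train(Xtr, ytr, (0.0,), 0.0, rng),
        "defended": train(Xtr, ytr, (0.1, 0.3, 0.5, 0.7), 0.1, rng),
    }
    return {name: {"clean": accuracy(Xte, yte, w),
                   "fgsm": accuracy(fgsm(Xte, yte, w, eval_eps), yte, w)}
            for name, w in models.items()}

if __name__ == "__main__":
    for name, acc in run_experiment().items():
        print(f"{name}: clean={acc['clean']:.3f} fgsm={acc['fgsm']:.3f}")
```

On this toy problem the defended model gives up some clean accuracy, because it learns to ignore the weak features that FGSM can flip and relies on the strong one.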












Data availability
The datasets analyzed during the current study are available in the KAGGLE repository, https://github.com/lindawangg/COVID-Net/blob/master/docs/COVIDx.md. The code generated during and/or analyzed during the current study is available from the corresponding author on reasonable request.
Funding
This research was not funded by any organization.
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
About this article
Cite this article
Haque, S.B.U., Zafar, A., Haq, S.R.U. et al. Threats to medical diagnosis systems: analyzing targeted adversarial attacks in deep learning-based COVID-19 diagnosis. Soft Comput 29, 1879–1896 (2025). https://doi.org/10.1007/s00500-025-10516-z
DOI: https://doi.org/10.1007/s00500-025-10516-z