Szczegóły publikacji
Opis bibliograficzny
Impact of black-box adversarial attacks on deep neural networks for skin imaging / Bartłomiej MONIAK, Joanna JAWOREK-KORJAKOWSKA // W: ICCV-W 2025 [Dokument elektroniczny] : 2025 IEEE/CVF International Conference on Computer Vision Workshops : 19–20 October 2025, Honolulu, United States : proceedings. — Wersja do Windows. — Dane tekstowe. — Piscataway : IEEE, cop. 2025. — ( IEEE International Conference on Computer Vision Workshops ; ISSN 2473-9936 ). — Print on Demand (PoD) ISBN: 979-8-3315-8989-9. — e-ISBN: 979-8-3315-8988-2. — S. 1145–1153. — Wymagania systemowe: Adobe Reader. — Bibliogr. s. 1153, Abstr. — Publikacja dostępna online od: 2025-02-23
Autorzy (2)
Słowa kluczowe
Dane bibliometryczne
| ID BaDAP | 167844 |
|---|---|
| Data dodania do BaDAP | 2026-06-16 |
| Tekst źródłowy | URL |
| DOI | 10.1109/ICCVW69036.2025.00123 |
| Rok publikacji | 2025 |
| Typ publikacji | materiały konferencyjne (aut.) |
| Otwarty dostęp |  |
| Wydawca | Institute of Electrical and Electronics Engineers (IEEE) |
| Konferencja | IEEE International Conference on Computer Vision 2025 |
| Czasopismo/seria | IEEE International Conference on Computer Vision Workshops |
Abstract
Adversarial attacks have emerged as a critical threat vector against deep learning models, enabling the manipulation of model outputs through carefully crafted input perturbations. In this study, we explore the effectiveness of three black-box adversarial attack methodologies-where the attacker has no access to model internals-in the context of skin image classification. Using clinically relevant dermatological image datasets, we demonstrate that these attacks can reliably degrade the predictive performance of state-of-the-art convolutional neural networks, even under strict black-box constraints. We evaluate the proposed approach using black-box, noise-driven adversarial perturbations, including uniform random noise, Gaussian-masked noise, and anatomically-constrained noise guided by segmentation masks generated via the Segment Anything v2 (SAM2) model. The proposed black-box attacks resulted in a significant reduction in model accuracy (up to 23.75%) and F1-Score (as much as 50% drop). These results reveal a critical vulnerability of medical image classifiers to adversarial attacks and the importance of incorporating robust safety mechanisms during model development and deployment. The proposed models employ transfer learning using architectures such as ResNet-50 and EfficientNet (B0,B4, and B7). Training is conducted in two phases: initially, the backbone is frozen while a custom classification head is trained to adapt to the skin imaging domain. Subsequently, a two-stage unfreezing strategy is applied, grad-ually fine-tuning deeper layers of the network to improve task-specific feature representation. All models are trained on ISIC archive datasets, utilizing the 3D whole-body scans from ISIC 2024 and dermoscopic images from ISIC 2018 to ensure diversity in acquisition modalities and improve generalization across clinically relevant input types.
