Black-Box Transferable Adversarial Attack Method Based on Generative Adversarial Networks for Lung Disease Diagnosis Models

A black-box transferable adversarial attack method based on GAN for lung disease diagnosis models was proposed to address the low success rate of attacks in black-box scenarios and low generation quality of existing adversarial attack methods. The method was built based on pulmonary medical images, with the residual neural network as the basic skeleton. In the generator, residual blocks based on dilated convolution and pyramidal segmentation attention mechanism were designed to improve the multi-scale feature representation capability of the network at finer granularity; discriminators with auxiliary classifiers were set up to correctly classify the samples, and the attackers were added to the discriminators for adversarial training to enhance the adversarial sample attack capability and stabilize the training of GAN. The data-free black-box adversarial attack framework was also used to train alternative models to achieve transferable adversarial attack and obtain a more effective and higher black-box attack success rate. The method achieved adversarial success rates of 68. 95% and 79. 34% for targeted attacks and untargeted attacks respectively. Compared with other GAN-based attack methods in black-box scenarios, it presents a higher transferability attack success rate and the generated adversarial samples are closer to the real samples, solving the problem that traditional GAN-based attack methods cannot capture the detailed features of lung images and thus cannot obtain better adversarial performance. This method provides a reference for improving the security and robustness of lung disease diagnosis models in practical application scenarios. © 2023 Xi'an Jiaotong University. All rights reserved.