부산대학교 도서관

Data poisoning represents a set of techniques aimed at perturbing data for training machine learning models, affecting performance. Such intentional attacks are widespread in many applications involving deep learning algorithms and are aimed to provide misclassifications. In this paper, data poisoning on retinal images for the diabetic retinopathy binary classification (health and sick) is presented and evaluated. The presented attacks are almost imperceptible perturbations of the images that nevertheless decrement the metrics of the trained models. Once exposed to the data poisoning distortions on these images, a possible countermeasure to enhance the security from these attacks is shown. In this way, the robustness and vulnerabilities of the network are highlighted and the best result is also analyzed through the use of heatmaps, for the qualitative point of view. The paper aims to focus on the effects of data poisoning in deep learning model testing phase and to discuss possible countermeasures.