Nisa', Chilyatun (2024) Peningkatan Kinerja Model Klasifikasi Citra Histopatologi Paru-Paru Dan Usus Besar Dengan Adversarial Attack And Defense Pada Convolutional Neural Networks. Masters thesis, Institut Teknologi Sepuluh Nopember.
Text
6025221001-Master_Thesis.pdf - Accepted Version Restricted to Repository staff only until 1 July 2026. Download (4MB) | Request a copy |
Abstract
Kanker merupakan penyebab kematian terbesar kedua di dunia. Kanker paru-paru dan kanker usus besar dapat terjadi secara bersamaan, biasanya kanker paru-paru menjadi kanker primer kedua pada pasien dengan kanker usus besar. Penerapan Deep Learning (DL) pada deteksi dini kanker usus besar dan paru-paru mampu memberikan hasil klasifikasi yang akurat. Namun penelitian terbaru menyebutkan bahwa model DL sangat rentan terhadap gangguan yang ditambahkan ke dalam citra masukan yang kemudian disebut adversarial attack. Sehingga model tidak cukup hanya akurat saja melainkan harus dapat bertahan terhadap gangguan sekecil apapun dengan menerapkan metode adversarial defense. Penelitian ini bertujuan untuk meningkatkan kinerja model Convolutional Neural Networks (CNN) agar lebih andal dalam mengklasifikasi perturbed data. Perturbed data adalah citra hasil generated dari metode adversarial attack, di mana penampakan citra secara visual terlihat tidak berbeda dengan citra aslinya, namun secara signifikan dapat memengaruhi kinerja model DL dalam melakukan klasifikasi. Penelitian ini menggunakan metode adversarial training untuk meningkatkan keandalan model dalam menghadapi adversarial attack. Adversarial attack adalah metode untuk memanipulasi model DL dengan cara memodifikasi data input sehingga model menghasilkan prediksi yang salah. Metode ini dilakukan dengan menambahkan gangguan kecil pada data input sehingga dapat menyebabkan perubahan hasil klasifikasi. Adversarial training adalah metode untuk meningkatkan ketahanan model DL terhadap adversarial attack. Dalam metode ini, model dilatih tidak hanya pada data asli tetapi juga pada data tergangggu. Tujuannya supaya model dapat mengenali dan menangani gangguan, sehingga meningkatkan kemampuan model untuk membuat prediksi yang lebih baik dan lebih tahan terhadap manipulasi. Jenis adversarial attack yang digunakan adalah white-box attack dimana penyerang memiliki akses penuh terhadap model yang diserang. Metode white-box attack yang digunakan ada lima yaitu Carlini-Wagner (CW), Momentum Iterarative Fast Gradient Sign Method (MIFGSM), Projected Gradient Descent in Trades (TPGD), DeepFool, dan Fast Gradient Sign Method (FGSM). Uji coba dilakukan dengan empat model CNN yaitu model yang dirancang penulis bernama OurCNN dan tiga model pre-trained yaitu GoogLeNet, ShuffleNetV2, dan ResNet18. Metode adversarial attack and defense diuji menggunakan dataset LC25000 dan Chaoyang. LC25000 terdiri dari 25.000 citra histopatologi paru-paru dan usus besar dengan lima kelas: colon adenocarcinoma, benign colon, lung adenocarcinoma, benign lung, dan lung squamous cell carcinoma. Sementara Chaoyang memiliki 12.140 citra histopatologi usus besar dengan empat kelas: normal, serrated, adenocarcinoma, dan adenoma. Sebelum pelatihan dilakukan praproses data, termasuk resizing, brightness, normalization, dan pembagian data menjadi 70% latih, 10% validasi, dan 20% uji. Setelah pengujian, akurasi yang diperoleh model OurCNN adalah 0,92 pada LC25000 dan 0,61 pada Chaoyang, akurasi keduanya di bawah akurasi model pre-trained. Adversarial attack menurunkan drastis akurasi seluruh model CNN. Pada LC25000, ShuffleNetV2 tidak dapat mengklasifikasikan satupun citra setelah diserang MIFGSM, sedangkan pada Chaoyang model OurCNN paling rentan dengan akurasi 0,10 menggunakan FGSM. Adversarial training memberikan perkembangan signifikan, terutama pada GoogLeNet untuk LC25000 dengan metode CW, mencapai akurasi 0,81 pada data terganggu. Untuk Chaoyang, ShuffleNetV2 mencapai akurasi 0,70 pada DeepFool dan CW. OurCNN bertahan paling baik dengan akurasi 0,70 dan 0,68 menggunakan CW dan MIFGSM di LC25000, serta akurasi 0,42 dan 0,38 di Chaoyang
======================================================================================================================================
Cancer is the second largest cause of death in the world. Lung cancer and colon cancer can occur simultaneously, usually lung cancer becomes the second primary cancer in patients with colon cancer. The application of Deep Learning (DL) in early detection of colon and lung cancer is able to provide accurate classification results. However, recent research states that DL models are very vulnerable to interference added to the input image which is then called an adversarial attack. So it is not enough for the model to be accurate, but must be able to withstand the slightest disturbance by applying the adversarial defense method. This research aims to improve the performance of Convolutional Neural Networks (CNN) models to make them more reliable in classifying perturbed data. Perturbed data is an image generated from the adversarial attack method, where the visual appearance of the image does not look different from the original image, but can significantly affect the performance of the DL model in carrying out classification. This research uses the adversarial training method to increase the reliability of the model in dealing with adversarial attacks. Adversarial attack is a method for manipulating a DL model by modifying input data so that the model produces wrong predictions. This method is carried out by adding small disturbances to the input data so that it can cause changes in the classification results. Adversarial training is a method to increase the resilience of DL models to adversarial attacks. In this method, the model is trained not only on original data but also on disturbed data. The goal is that the model can recognize and handle disturbances, thereby increasing the model's ability to make better predictions and be more resistant to manipulation. The type of adversarial attack used is a white-box attack where the attacker has full access to the model being attacked. There are five white-box attack methods used, namely Carlini-Wagner (CW), Momentum Iterative Fast Gradient Sign Method (MIFGSM), Projected Gradient Descent in Trades (TPGD), DeepFool, and Fast Gradient Sign Method (FGSM). The trials were carried out with four CNN models, namely a model designed by the author called OurCNN and three pre-trained models, namely GoogLeNet, ShuffleNetV2, and ResNet18. The adversarial attack and defense method was tested using the LC25000 and Chaoyang datasets. LC25000 consists of 25,000 histopathology images of the lungs and large intestine with five classes: colon adenocarcinoma, benign colon, lung adenocarcinoma, benign lung, and lung squamous cell carcinoma. Meanwhile, Chaoyang has 12,140 histopathology images of the colon with four classes: normal, serrated, adenocarcinoma, and adenoma. Before training, data preprocessing is carried out, including resizing, brightness, normalization, and dividing the data into 70% training, 10% validation, and 20% test. After testing, the accuracy obtained by the OurCNN model was 0.92 on LC25000 and 0.61 on Chaoyang, both accuracies were below the accuracy of the pre-trained model. Adversarial attacks drastically reduce the accuracy of all CNN models. On LC25000, ShuffleNetV2 cannot classify a single image after being attacked by MIFGSM, while on Chaoyang the OurCNN model is the most vulnerable with an accuracy of 0.10 using FGSM. Adversarial training provides significant developments, especially on GoogLeNet for LC25000 with the CW method, achieving an accuracy of 0.81 on perturbed data. For Chaoyang, ShuffleNetV2 achieves an accuracy of 0.70 on DeepFool and CW. OurCNN held up best with accuracies of 0.70 and 0.68 using CW and MIFGSM on LC25000, and accuracies of 0.42 and 0.38 on Chaoyang
Item Type: | Thesis (Masters) |
---|---|
Uncontrolled Keywords: | adversarial attack and defense, convolutional neural network, histopathology, image classification, lung and colon cancer |
Subjects: | R Medicine > RB Pathology T Technology > T Technology (General) T Technology > T Technology (General) > T57.5 Data Processing T Technology > TA Engineering (General). Civil engineering (General) > TA1637 Image processing--Digital techniques |
Divisions: | Faculty of Intelligent Electrical and Informatics Technology (ELECTICS) > Informatics Engineering > 55101-(S2) Master Thesis |
Depositing User: | Chilyatun Nisa' |
Date Deposited: | 02 Feb 2024 03:59 |
Last Modified: | 02 Feb 2024 03:59 |
URI: | http://repository.its.ac.id/id/eprint/105939 |
Actions (login required)
View Item |