SAMD: A Tool for Identifying False Data Injection Scenarios in AI/ML-enabled Medical Devices
Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel 2026-06-29 07:13 UTCgrok-4.3pith:TNOJDUH4record.jsonopen to challenge →
The pith
SAMD automates identification of false data injection risks in AI/ML medical devices by modeling them as control structures and using vulnerability databases with language models.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
SAMD models the medical system as a control structure in which all components are potential points for injecting false data into the ML engine. It combines vulnerability databases with large language models to automate discovery of weaknesses and to generate lists of potential attack scenarios that include concrete steps an adversary could take. Case studies on five FDA-cleared devices show the tool identifies target device technologies with 100 percent precision, retrieves linked known vulnerabilities with 63.2 percent precision, and produces highly relevant attack scenarios with 95.3 percent accuracy.
What carries the argument
The SAMD tool that represents the medical device as a control structure, treats every component as a possible false-data entry point into the ML model, and automates vulnerability lookup plus attack-scenario generation through databases and language models.
If this is right
- Device designers can locate vulnerable points and injection paths into the ML model before the system reaches end users.
- Detailed adversary steps for each scenario become available automatically during the design phase.
- Known vulnerabilities tied to specific device technologies are surfaced for review with measurable retrieval rates.
- The same process scales across multiple FDA-cleared devices without manual re-analysis of each component.
Where Pith is reading between the lines
- The same control-structure modeling could be applied to other safety-critical AI systems that combine hardware and software at deployment time.
- Regulatory bodies might incorporate automated scenario lists as part of pre-market security reviews for AI medical devices.
- Connecting the output directly to patch-management systems could shorten the time between scenario discovery and mitigation.
- Extending the approach to include runtime monitoring data might allow ongoing updates to the attack scenario list after deployment.
Load-bearing premise
The generated attack scenarios accurately reflect what real adversaries could achieve, based on the authors' assessment of relevance rather than separate external testing.
What would settle it
An independent red-team test on one of the five case-study devices in which security experts attempt the scenarios produced by SAMD and report how many succeed or match the generated steps.
Figures
read the original abstract
The growing integration of artificial intelligence (AI) and machine learning (ML) in medical systems requires effective measures to address emerging security risks. One such risk is that of adversaries introducing false data through vulnerable system components during inference, causing misdiagnosis and wrong treatments. These risks are challenging to anticipate and address in the design phase, as the system assembly partially occurs during actual use by end users. To address this concern, we introduce SAMD, an automated tool for performing System Theoretic Process Analysis for Security (STPA-Sec) on AI/ML-enabled medical devices during the design phase. SAMD models the medical system as a control structure, treating all system components as potential points for injecting false data into the ML engine. It leverages state-of-the-art vulnerability databases and Large Language Models (LLMs) to automate vulnerability discovery and generate a list of potential attack scenarios. We demonstrate SAMD's effectiveness through case studies on five FDA-cleared medical devices, showcasing its ability to identify vulnerable points and potential attack paths. We find that SAMD has 100% precision in identifying target device technologies in the case studies' documents, retrieves the known vulnerabilities linked to them (with 63.2% precision), and generates highly relevant attack scenarios on the ML model, including detailed steps that an adversary might take (with 95.3% accuracy, and the highest time taken being 191.64s).
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper introduces SAMD, a tool that automates STPA-Sec analysis for AI/ML-enabled medical devices by modeling systems as control structures, querying vulnerability databases, and using LLMs to identify false data injection points and generate attack scenarios. Case studies on five FDA-cleared devices claim 100% precision in identifying target device technologies from documentation, 63.2% precision in retrieving linked known vulnerabilities, and 95.3% accuracy in producing highly relevant attack scenarios with detailed adversary steps (maximum runtime 191.64 s).
Significance. If the evaluation methodology and external validation were provided and the metrics held under independent review, SAMD would represent a practical contribution to early-stage security analysis for regulated medical devices, where inference-time false data injection risks are difficult to anticipate manually. The combination of formal control-structure modeling with automated vulnerability lookup and scenario generation addresses a real gap in design-phase threat modeling for ML components.
major comments (2)
- [Abstract] Abstract: The central effectiveness claims rest on three quantitative metrics (100% technology identification precision, 63.2% vulnerability retrieval precision, 95.3% attack-scenario accuracy), yet the abstract supplies no description of the evaluation protocol, ground-truth construction, number of documents or scenarios assessed, blinding procedures, or whether relevance judgments were made solely by the authors versus external red-team reviewers. This omission is load-bearing because the paper's primary contribution is the demonstration of SAMD's utility via these results.
- [Abstract] Abstract / Results section: The 95.3% accuracy figure for 'highly relevant attack scenarios' is presented as evidence that the generated steps are actionable for adversaries, but no comparison against known real-world incidents, FDA-cleared device constraints, or STPA-Sec control-structure feasibility is described. Without such grounding, the metric functions as an internal plausibility score rather than a validated feasibility measure.
minor comments (1)
- [Abstract] The timing result (highest time taken 191.64 s) should specify the hardware, LLM model version, and whether the measurement includes database queries or only LLM generation.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback on the abstract and evaluation details. We address each major comment below and will revise the manuscript accordingly to improve transparency.
read point-by-point responses
-
Referee: [Abstract] Abstract: The central effectiveness claims rest on three quantitative metrics (100% technology identification precision, 63.2% vulnerability retrieval precision, 95.3% attack-scenario accuracy), yet the abstract supplies no description of the evaluation protocol, ground-truth construction, number of documents or scenarios assessed, blinding procedures, or whether relevance judgments were made solely by the authors versus external red-team reviewers. This omission is load-bearing because the paper's primary contribution is the demonstration of SAMD's utility via these results.
Authors: We agree the abstract should summarize the evaluation setup. The metrics derive from case studies on five FDA-cleared devices: technology identification used device documentation as ground truth; vulnerability retrieval cross-referenced public databases for known links; scenario relevance was assessed by the authors for alignment with the STPA-Sec control structure and ML false-data-injection potential (no external reviewers or blinding). We will revise the abstract to include a concise description of the protocol, number of devices/scenarios, and judgment basis. revision: yes
-
Referee: [Abstract] Abstract / Results section: The 95.3% accuracy figure for 'highly relevant attack scenarios' is presented as evidence that the generated steps are actionable for adversaries, but no comparison against known real-world incidents, FDA-cleared device constraints, or STPA-Sec control-structure feasibility is described. Without such grounding, the metric functions as an internal plausibility score rather than a validated feasibility measure.
Authors: The 95.3% reflects author judgment of scenario relevance to the modeled control structure and ML component constraints. We did not compare to specific real-world incidents, as documented cases for these exact FDA-cleared devices are limited in public literature. The scenarios are explicitly tied to STPA-Sec control actions and retrieved vulnerabilities. We will revise the results section to clarify the metric's internal basis and add an explicit limitations paragraph on the absence of external incident validation. revision: partial
Circularity Check
No circularity; tool evaluation is empirical case-study reporting without self-referential derivations
full rationale
The paper describes SAMD as an automated STPA-Sec tool that models control structures, queries vulnerability databases, and uses LLMs to generate attack scenarios, then reports performance on five FDA-cleared device case studies (100% technology identification precision, 63.2% vulnerability retrieval precision, 95.3% scenario relevance accuracy). No equations, fitted parameters, predictions derived from inputs, self-citations, uniqueness theorems, or ansatzes appear in the provided text. The accuracy metric is an evaluation outcome on the generated scenarios rather than a quantity forced by construction from the method itself. This is a standard tool-description paper whose central claims rest on external case-study data rather than any closed loop.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption STPA-Sec is a suitable framework for modeling false data injection risks in AI/ML medical devices
Reference graph
Works this paper leans on
-
[1]
Principles and Perspectives in Medical Diagnostic Systems Employing Artificial Intel- ligence (AI) Algorithms,
M. Tariq, Y . Hayat, A. Hussain, A. Tariq, and S. Rasool, “Principles and Perspectives in Medical Diagnostic Systems Employing Artificial Intel- ligence (AI) Algorithms,”International Research Journal of Economics and Management Studies, vol. 3, no. 1, pp. 376–398, 2024
2024
-
[2]
Artificial Intelligence and Machine Learning (AI/ML)-Enabled Medical Devices,
U.S. FDA, “Artificial Intelligence and Machine Learning (AI/ML)-Enabled Medical Devices,” 2023. [Online]. Available: https://www.fda.gov/medical-devices/software-medical-device- samd/artificial-intelligence-and-machine-learning-aiml-enabled- medical-devices
2023
-
[3]
NuVasive Pulse System,
——, “NuVasive Pulse System,” 2024. [Online]. Available: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfpmn/pmn.cfm? ID=K180038
2024
-
[4]
One Drop Blood Glucose Mon- itoring System,
——, “One Drop Blood Glucose Mon- itoring System,” 2024. [Online]. Available: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfpmn/pmn.cfm? ID=K161834
2024
-
[5]
Adversarial Attacks to Machine Learning-Based Smart Healthcare Systems,
A. I. Newaz, N. I. Haque, A. K. Sikder, M. A. Rahman, and A. S. Ulua- gac, “Adversarial Attacks to Machine Learning-Based Smart Healthcare Systems,” inIEEE GLOBECOM ’20, 2020, pp. 1–6
2020
-
[6]
Threats to Training: A Survey of Poisoning Attacks and Defenses on Machine Learning Systems,
Z. Wang, J. Ma, X. Wang, J. Hu, Z. Qin, and K. Ren, “Threats to Training: A Survey of Poisoning Attacks and Defenses on Machine Learning Systems,”ACM Comput. Surv., vol. 55, no. 7, 2022
2022
-
[7]
Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI,
A. Barredo Arrieta, N. D ´ıaz-Rodr´ıguez, J. Del Ser, A. Bennetot, S. Tabik, A. Barbado, S. Garcia, S. Gil-Lopez, D. Molina, R. Benjamins, R. Chatila, and F. Herrera, “Explainable Artificial Intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI,”Information Fusion, vol. 58, pp. 82–115, 2020
2020
-
[8]
Secure and Robust Machine Learning for Healthcare: A Survey,
A. Qayyum, J. Qadir, M. Bilal, and A. Al-Fuqaha, “Secure and Robust Machine Learning for Healthcare: A Survey,”IEEE Reviews in Biomed- ical Engineering, vol. 14, pp. 156–180, 2021
2021
-
[9]
Protected or porous: a comparative analysis of threat detection capability of iot safeguards,
A. M. Mandalari, H. Haddadi, D. J. Dubois, and D. Choffnes, “Protected or porous: a comparative analysis of threat detection capability of iot safeguards,” in2023 IEEE Symposium on Security and Privacy (SP). IEEE, 2023, pp. 3061–3078
2023
-
[10]
A study of data store-based home automation,
K. Kafle, K. Moran, S. Manandhar, A. Nadkarni, and D. Poshyvanyk, “A study of data store-based home automation,” inProceedings of the Ninth ACM Conference on Data and Application Security and Privacy, 2019, pp. 73–84
2019
-
[11]
Patching up: Stakeholder experiences of security updates for connected medical devices,
L. Kustosch, C. Ga ˜n´an, M. van Eeten, and S. Parkin, “Patching up: Stakeholder experiences of security updates for connected medical devices,” in34th USENIX Security Symposium (USENIX Security 25), 2025, pp. 2265–2281
2025
-
[12]
Discovering and understanding the security hazards in the interactions between{IoT}devices, mobile apps, and clouds on smart home platforms,
W. Zhou, Y . Jia, Y . Yao, L. Zhu, L. Guan, Y . Mao, P. Liu, and Y . Zhang, “Discovering and understanding the security hazards in the interactions between{IoT}devices, mobile apps, and clouds on smart home platforms,” in28th USENIX security symposium (USENIX security 19), 2019, pp. 1133–1150
2019
-
[13]
Systems-theoretic and data-driven security analysis in ml-enabled medical devices,
G. Mitra, M. Hallajiyan, I. Kim, A. P. Dharmalingam, M. Elnawawy, S. Iqbal, K. Pattabiraman, and H. Alemzadeh, “Systems-theoretic and data-driven security analysis in ml-enabled medical devices,” 2025. [Online]. Available: https://arxiv.org/abs/2506.15028
-
[14]
Systems thinking for safety and security,
W. Young and N. Leveson, “Systems thinking for safety and security,” inProceedings of ACM ACSAC ’13. Association for Computing Machinery, 2013, p. 1–8
2013
-
[15]
Introduction to stpa-sec,
C. Fleming, “Introduction to stpa-sec,”Systems Engineering for the Digital Age: Practitioner Perspectives, pp. 489–505, 2023
2023
-
[16]
d-Nav System,
U.S. FDA, “d-Nav System,” 2024. [Online]. Available: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfpmn/pmn.cfm? ID=K181916
2024
-
[17]
ABMD Software,
——, “ABMD Software,” 2024. [Online]. Available: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfpmn/pmn.cfm? ID=K213760
2024
-
[18]
IDx-DR v2.3,
——, “IDx-DR v2.3,” 2024. [Online]. Available: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfPMN/pmn.cfm? ID=K213037
2024
-
[19]
KIDScore D3,
——, “KIDScore D3,” 2024. [Online]. Available: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfPMN/pmn.cfm? ID=K182798
2024
-
[20]
Oxehealth Vital Signs,
——, “Oxehealth Vital Signs,” 2024. [Online]. Available: https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfPMN/pmn.cfm? ID=K220899
2024
-
[21]
Leveson,Engineering a safer world: Systems thinking applied to safety
N. Leveson,Engineering a safer world: Systems thinking applied to safety. MIT press, 2011
2011
-
[22]
An stpa primer,
N. Leveson and J. Thomas, “An stpa primer,”Cambridge, MA, 2013
2013
-
[23]
System-theoretic process analysis for security (STPA-SEC): Cyber security and STPA,
W. Young and R. Porada, “System-theoretic process analysis for security (STPA-SEC): Cyber security and STPA,” inSTAMP Conference. MIT Press, 2017, pp. 27–30
2017
-
[24]
Integrating autonomous vehicle safety and security analysis using STPA method and the six- step model,
G. Sabaliauskaite, L. S. Liew, and J. Cui, “Integrating autonomous vehicle safety and security analysis using STPA method and the six- step model,”International Journal on Advances in Security, vol. 11, no. 1&2, pp. 160–169, 2018
2018
-
[25]
Safety and Security Analysis of AEB for L4 Autonomous Vehicle Using STPA,
S. Sharma, A. Flores, C. Hobbs, J. Stafford, and S. Fischmeister, “Safety and Security Analysis of AEB for L4 Autonomous Vehicle Using STPA,” inWorkshop on ASD’19, ser. Open Access Series in Informatics (OASIcs), vol. 68. Schloss Dagstuhl – Leibniz-Zentrum f ¨ur Informatik, 2019, pp. 5:1–5:13
2019
-
[26]
Sam: Foreseeing inference-time false data injec- tion attacks on ml-enabled medical devices,
M. Hallajiyan, A. P. Dharmalingam, G. Mitra, H. Alemzadeh, S. Iqbal, and K. Pattabiraman, “Sam: Foreseeing inference-time false data injec- tion attacks on ml-enabled medical devices,” inProceedings of the 2024 Workshop on Cybersecurity in Healthcare, 2023, pp. 77–84
2024
-
[27]
Abdulkhaleq and S
A. Abdulkhaleq and S. Wagner,Open tool support for system-theoretic process analysis. Universit ¨atsbibliothek der Universit¨at Stuttgart, 2014
2014
-
[28]
XSTAMPP: an eXtensible STAMP platform as tool support for safety engineering,
——, “XSTAMPP: an eXtensible STAMP platform as tool support for safety engineering,” 2015
2015
-
[29]
Transportation systems safety hazard analysis tool (SafetyHAT) user guide (version 1.0),
C. Becker and Q. Van Eikema Hommes, “Transportation systems safety hazard analysis tool (SafetyHAT) user guide (version 1.0),” USA, Tech. Rep., 2014
2014
-
[30]
WebSTAMP: A web application for STPA & STPA-Sec,
F. G. Souza, D. P. Pereira, R. M. Pagliares, S. Nadjm-Tehrani, and C. M. Hirata, “WebSTAMP: A web application for STPA & STPA-Sec,” in MATEC Web of Conferences, vol. 273. EDP Sciences, 2019, p. 02010
2019
-
[31]
A STAMP-based ontology approach to support safety and security analyses,
D. P. Pereira, C. Hirata, and S. Nadjm-Tehrani, “A STAMP-based ontology approach to support safety and security analyses,”Journal of Information Security and Applications, vol. 47, pp. 302–319, 2019
2019
-
[32]
Safety Analysis in the Era of Large Language Models: A Case Study of STPA Using ChatGPT,
Y . Qi, X. Zhao, S. Khastgir, and X. Huang, “Safety Analysis in the Era of Large Language Models: A Case Study of STPA Using ChatGPT,” 2023
2023
-
[33]
Welcome Your New AI Teammate: On Safety Analysis by Leashing Large Language Models,
A. Nouri, B. Cabrero-Daniel, F. Torner, H. Sivencrona, and C. Berger, “Welcome Your New AI Teammate: On Safety Analysis by Leashing Large Language Models,” inProceedings of the IEEE/ACM CAIN ’24, 2024, p. 172–177
2024
-
[34]
Engineering Safety Requirements for Autonomous Driving with Large Language Models,
A. Nouri, B. Cabrero-Daniel, F. T ¨orner, H. Sivencrona, and C. Berger, “Engineering Safety Requirements for Autonomous Driving with Large Language Models,” 2024
2024
-
[35]
Systematically Assessing the Security Risks of AI/ML-enabled Con- nected Healthcare Systems,
M. Elnawawy, M. Hallajiyan, G. Mitra, S. Iqbal, and K. Pattabiraman, “Systematically Assessing the Security Risks of AI/ML-enabled Con- nected Healthcare Systems,” inProceedings of IEEE/ACM CHASE ’24, 2024, pp. 97–108
2024
-
[36]
Design and validation of an open-source closed-loop testbed for artificial pancreas systems,
X. Zhou, M. Kouzel, H. Ren, and H. Alemzadeh, “Design and validation of an open-source closed-loop testbed for artificial pancreas systems,” in2022 IEEE/ACM Conference on Connected Health: Applications, Systems and Engineering Technologies (CHASE). IEEE, 2022, pp. 1–12
2022
-
[37]
Blur- tooth: Exploiting cross-transport key derivation in bluetooth classic and bluetooth low energy,
D. Antonioli, N. O. Tippenhauer, K. Rasmussen, and M. Payer, “Blur- tooth: Exploiting cross-transport key derivation in bluetooth classic and bluetooth low energy,” inProceedings of the 2022 ACM on Asia conference on computer and communications security, 2022, pp. 196– 207
2022
-
[38]
Android source code vulnerability detection: a systematic literature review,
J. Senanayake, H. Kalutarage, M. O. Al-Kadri, A. Petrovski, and L. Piras, “Android source code vulnerability detection: a systematic literature review,”ACM Computing Surveys, vol. 55, no. 9, pp. 1–37, 2023
2023
-
[39]
Survey on wireless network security,
R. Nazir, A. A. Laghari, K. Kumar, S. David, and M. Ali, “Survey on wireless network security,”Archives of Computational Methods in Engineering, pp. 1–20, 2021
2021
-
[40]
Electromagnetic radiofrequency radiation emitted from gsm mobile phones decreases the accuracy of home blood glucose monitors,
S. Mortazavi, X. Gholampour, M. Haghani, G. Mortazavi, and A. Mor- tazavi, “Electromagnetic radiofrequency radiation emitted from gsm mobile phones decreases the accuracy of home blood glucose monitors,” Journal of Biomedical Physics and Engineering, vol. 4, no. 3, 2014
2014
-
[41]
Hallucinations in llms: Understanding and addressing challenges,
G. Perkovi ´c, A. Drobnjak, and I. Boti ˇcki, “Hallucinations in llms: Understanding and addressing challenges,” in2024 47th MIPRO ICT and Electronics Convention (MIPRO). IEEE, 2024, pp. 2084–2088
2024
-
[42]
Medaiscout: Automated retrieval of known machine learning vulnerabilities in medical applications,
A. P. Dharmalingam and G. Mitra, “Medaiscout: Automated retrieval of known machine learning vulnerabilities in medical applications,” inRed Teaming GenAI: What Can We Learn from Adversaries?, 2024
2024
-
[43]
GLiNER: Generalist model for named entity recognition using bidirectional transformer,
U. Zaratiana, N. Tomeh, P. Holat, and T. Charnois, “GLiNER: Generalist model for named entity recognition using bidirectional transformer,” inProceedings of the 2024 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies (Volume 1: Long Papers), K. Duh, H. Gomez, and S. Bethard, Eds. Mexico C...
2024
-
[44]
J. Achiam, S. Adler, S. Agarwal, L. Ahmad, I. Akkaya, F. L. Aleman, D. Almeida, J. Altenschmidt, S. Altman, S. Anadkatet al., “Gpt-4 technical report,”arXiv preprint arXiv:2303.08774, 2023
work page internal anchor Pith review Pith/arXiv arXiv 2023
-
[45]
Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical De- vices—A Review,
T. Yaqoob, H. Abbas, and M. Atiquzzaman, “Security Vulnerabilities, Attacks, Countermeasures, and Regulations of Networked Medical De- vices—A Review,”IEEE Communications Surveys & Tutorials, vol. 21, no. 4, pp. 3723–3768, 2019
2019
-
[46]
How ChatGPT and our foundation models are developed,
OpenAI, “How ChatGPT and our foundation models are developed,”
-
[47]
Available: https://openai.com/policies/how-chatgpt-and- our-foundation-models-are-developed/
[Online]. Available: https://openai.com/policies/how-chatgpt-and- our-foundation-models-are-developed/
-
[48]
Role play with large language models,
M. Shanahan, K. McDonell, and L. Reynolds, “Role play with large language models,”Nature, vol. 623, no. 7987, pp. 493–498, 2023
2023
-
[49]
CAMEL: Communicative Agents for
G. Li, H. Hammoud, H. Itani, D. Khizbullin, and B. Ghanem, “CAMEL: Communicative Agents for ”Mind” Exploration of Large Language Model Society,” inAdvances in Neural Information Processing Systems, vol. 36. Curran Associates, Inc., 2023, pp. 51 991–52 008
2023
-
[50]
Teler: A general taxonomy of llm prompts for benchmarking complex tasks,
S. K. K. Santu and D. Feng, “Teler: A general taxonomy of llm prompts for benchmarking complex tasks,” 2023
2023
-
[51]
MITRE ATT&CK
MITRE, “MITRE ATT&CK.” [Online]. Available: https://attack.mitre.org/
-
[52]
Chain-of-thought prompting elicits reasoning in large language models,
J. Wei, X. Wang, D. Schuurmans, M. Bosma, F. Xia, E. Chi, Q. V . Le, and D. Zhou, “Chain-of-thought prompting elicits reasoning in large language models,”Advances in neural information processing systems, vol. 35, pp. 24 824–24 837, 2022
2022
-
[53]
The llama 3 herd of models,
A. Dubey, A. Jauhri, A. Pandey, A. Kadian, A. Al-Dahle, A. Letman, A. Mathur, A. Schelten, A. Yang, A. Fanet al., “The llama 3 herd of models,”arXiv e-prints, pp. arXiv–2407, 2024
2024
-
[54]
A mathematical investigation of hallucination and creativity in gpt models,
M. Lee, “A mathematical investigation of hallucination and creativity in gpt models,”Mathematics, vol. 11, no. 10, p. 2320, 2023
2023
-
[55]
Judging llm-as-a-judge with mt-bench and chatbot arena,
L. Zheng, W.-L. Chiang, Y . Sheng, S. Zhuang, Z. Wu, Y . Zhuang, Z. Lin, Z. Li, D. Li, E. Xinget al., “Judging llm-as-a-judge with mt-bench and chatbot arena,”Advances in neural information processing systems, vol. 36, pp. 46 595–46 623, 2023
2023
-
[56]
Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures,
M. Fredrikson, S. Jha, and T. Ristenpart, “Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures,” in Proceedings of the ACM SIGSAC CCS ’15, 2015, p. 1322–1333
2015
-
[57]
CT-GAN: Malicious tampering of 3d medical imagery using deep learning,
Y . Mirsky, T. Mahler, I. Shelef, and Y . Elovici, “CT-GAN: Malicious tampering of 3d medical imagery using deep learning,” inUSENIX Security ’19. USENIX Association, 2019, pp. 461–478
2019
-
[58]
Adversarial exposure attack on diabetic retinopathy imagery grading,
Y . Cheng, Q. Guo, F. Juefei-Xu, H. Fu, S.-W. Lin, and W. Lin, “Adversarial exposure attack on diabetic retinopathy imagery grading,” IEEE Journal of Biomedical and Health Informatics, 2024
2024
-
[59]
Adver- sarial attacks and adversarial robustness in computational pathology,
N. Ghaffari Laleh, D. Truhn, G. P. Veldhuizen, T. Han, M. van Treeck, R. D. Buelow, R. Langer, B. Dislich, P. Boor, V . Schulzet al., “Adver- sarial attacks and adversarial robustness in computational pathology,” Nature communications, vol. 13, no. 1, p. 5711, 2022
2022
-
[60]
Adversarial Perturbations Against Real-Time Video Classification Systems
S. Li, A. Neupane, S. Paul, C. Song, S. V . Krishnamurthy, A. K. R. Chowdhury, and A. Swami, “Adversarial perturbations against real-time video classification systems,”arXiv preprint arXiv:1807.00458, 2018
work page internal anchor Pith review Pith/arXiv arXiv 2018
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.