Title

Enhancing Robustness in Medical Question Answering Systems with Novel Defense Models against Adversarial Attacks

Author

Atrab A. Abd El-Aziz, Reda A. El-Khoribi, and Nour Eldeen Khalifa

Citation

Vol. 26  No. 4  pp. 25-42

Abstract

Medical Question Answering (MQA) systems are essential for accurate medical diagnoses but face significant threats from adversarial attacks that manipulate input text and lead to potential misinterpretations and erroneous recommendations. Although extensive research has focused on defenses for medical images, there is a notable gap in protections for MQA systems. To the best of our knowledge, this paper is the first to address this gap by introducing three advanced defense models specifically designed for MQA systems. The proposed models target both word-level (synonym substitution, word deletion) and character-level (random character insertion) attacks on the pre-trained BERT model. The first model, the Synonym Substitution Embedding (SSE) Defense Framework, is designed to counter word synonym substitution attacks using Term Frequency-Inverse Document Frequency (TFIDF) and pre-trained transformers for enhanced synonym embedding. The second model (CosineDefender) utilizes cosine similarity to mitigate these adversarial perturbations, while the third model (JaccardDefender) employs Jaccard similarity for defense against the same attacks. Evaluation of these models is conducted on three datasets: two medical datasets (Symptom2Disease and Medical Symptoms Text and Audio Classification) and one natural language dataset (AG's News) for comparative purposes. Results show that the SSE model reduces the attack success rate from 8.7% to 0.4% on the AG's News dataset. For Symptom2Disease, attack success rates are high (10.2%, 12.8%, and 62%) for word synonym substitution, word deletion, and random character insertion, respectively, but CosineDefender lowers these rates to 3.4%, 4.3%, and 12.8%. JaccardDefender performs best, achieving the lowest attack success rates (3.4%, 3.5%, and 3.4%) and highest accuracy across datasets. These findings highlight the effectiveness of these models in improving MQA system resilience against adversarial threats.

Keywords

Adversarial Attacks, BERT, Medical Question Answer (MQA), Term Frequency-Inverse Document Frequency (TFIDF).

URL

http://paper.ijcsns.org/07_book/202604/20260402.pdf