One-Pixel Attack Deceives Computer-Assisted Diagnosis of Cancer

Computer vision and machine learning can be used to automate various tasks in cancer diagnostic and detection. If an attacker can manipulate the automated processing, the results can be devastating and in the worst case lead to wrong diagnosis and treatment. In this research, the goal is to demonstrate the use of one-pixel attacks in a real-life scenario with a real pathology dataset, TUPAC16, which consists of digitized whole-slide images. We attack against the IBM CODAIT’s MAX breast cancer detector using adversarial images. These adversarial examples are found using differential evolution to perform the one-pixel modification to the images in the dataset. The results indicate that a minor one-pixel modification of a whole slide image under analysis can affect the diagnosis by reversing the automatic diagnosis result. The attack poses a threat from the cyber security perspective: the one-pixel method can be used as an attack vector by a motivated attacker.


Joni Korpihalkola, Tuomo Sipola, Samir Puuska, Tero Kokkonen

Cite as

Joni Korpihalkola, Tuomo Sipola, Samir Puuska, and Tero Kokkonen. 2021. One-Pixel Attack Deceives Computer-Assisted Diagnosis of Cancer. 2021 4th International Conference on Signal Processing and Machine Learning. Association for Computing Machinery, New York, NY, USA, 100–106. DOI:



This work was supported by the Regional Council of Central Finland/Council of Tampere Region and European Regional Development Fund as part of the Health Care Cyber Range (HCCR) project of JAMK University of Applied Sciences Institute of Information Technology.

The authors would like to thank Ms. Tuula Kotikoski for proofreading the manuscript.