Defense system protects medical digital twins from cyberattack

Medical digital twins are virtual models of the human body that can help predict diseases with high accuracy. However, they are vulnerable to cyberattacks that can manipulate data and lead to incorrect diagnoses. To address this, researchers from Dongguk University developed the Wavelet-Based Adversarial Training (WBAD) defense system. Tested on a breast cancer diagnostic model, WBAD restored accuracy to 98% against attacks, ensuring safer and more reliable medical digital twins for healthcare applications. 

Their approach, which aims to protect medical digital twins against cyberattacks, is published in the journal Information Fusion.

A digital twin is an exact virtual copy of a real-world system. Built using real-time data, they provide a platform to test, simulate, and optimize the performance of their physical counterpart. In healthcare, medical digital twins can create virtual models of biological systems to predict diseases or test medical treatments. However, medical digital twins are susceptible to adversarial attacks, where small, intentional modifications to input data can mislead the system into making incorrect predictions, such as false cancer diagnoses, posing significant risks to the safety of patients. To counter these threats, a research team from Dongguk University, Republic of Korea, and Oregon State University, USA, led by Professor Insoo Sohn, has proposed a novel defense algorithm: Wavelet-Based Adversarial Training (WBAD). 

“We present the first study within Digital Twin Security to propose a secure medical digital twin system, which features a novel two-stage defense mechanism against cyberattacks. This mechanism is based on wavelet denoising and adversarial training,” says Professor Insoo Sohn, from Dongguk University, the corresponding author of the study. 

The researchers tested their defense system on a digital twin designed to diagnose breast cancer using thermography images. Thermography detects temperature variations in the body, with tumors often appearing as hotter regions due to increased blood flow and metabolic activity. Their model processes these images using Discrete Wavelet Transform, which extracts essential features to create Initial Feature Point Images. These features are then fed into a machine learning classifier trained on a dataset of 1,837 breast images (both healthy and cancerous), to distinguish between normal and tumorous tissue.

Initially, the model achieved 92% accuracy in predicting breast cancer. However, when subjected to three types of adversarial attacks—Fast Gradient Sign Method, Projected Gradient Descent, and Carlini & Wagner attacks—its accuracy dropped drastically to just 5%, exposing its vulnerability to adversarial manipulations. To counter these threats, the researchers introduced a two-layer defense mechanism. The first layer, wavelet denoising, is applied during the image preprocessing stage. Adversarial attacks typically introduce high-frequency noise into input data to mislead the model. Wavelet denoising applies soft thresholding to remove this noise while preserving the low-frequency features of the image. 

To further improve the model's resilience, the researchers added an adversarial training step, which trains the machine learning model to recognize and resist adversarial inputs. This two-step defense strategy proved highly effective, with the model achieving 98% accuracy against FGSM attacks, 93% against PGD attacks, and 90% against C&W attacks. 

“Our results demonstrate a transformative approach to medical digital twin security, providing a comprehensive and effective defense against cyberattacks and leading to enhanced system functionality and reliability,” says Prof. Sohn. 

Source: Dongguk University

12.04.2025

• digitisation (74)
• IT (886)
• security (453)
• studies (916)
• virtual (78)