Defending against adversarial attacks on medical imaging AI system, classification or detection?

TL;DR

This paper introduces a novel framework combining semi-supervised adversarial training and unsupervised detection to defend medical imaging AI systems against adversarial attacks, addressing unique challenges like label scarcity and subtle differences in medical images.

Contribution

The paper proposes a new robust medical imaging AI framework with SSAT and UAD, tailored to medical imaging challenges, and introduces a new measure for assessing adversarial risk.

Findings

Demonstrates robustness of the proposed system over existing defenses

Shows effectiveness on OCT imaging data under various attack scenarios

Addresses medical imaging specific challenges like label scarcity

Abstract

Medical imaging AI systems such as disease classification and segmentation are increasingly inspired and transformed from computer vision based AI systems. Although an array of adversarial training and/or loss function based defense techniques have been developed and proved to be effective in computer vision, defending against adversarial attacks on medical images remains largely an uncharted territory due to the following unique challenges: 1) label scarcity in medical images significantly limits adversarial generalizability of the AI system; 2) vastly similar and dominant fore- and background in medical images make it hard samples for learning the discriminating features between different disease classes; and 3) crafted adversarial noises added to the entire medical image as opposed to the focused organ target can make clean and adversarial examples more discriminate than that between different disease classes. In this paper, we propose a novel robust medical imaging AI framework based on Semi-Supervised Adversarial Training (SSAT) and Unsupervised Adversarial Detection (UAD), followed by designing a new measure for assessing systems adversarial risk. We systematically demonstrate the advantages of our robust medical imaging AI system over the existing adversarial defense techniques under diverse real-world settings of adversarial attacks using a benchmark OCT imaging data set.