Frequency Domain Adversarial Training for Robust Volumetric Medical Segmentation

TL;DR

This paper introduces a frequency domain adversarial attack and training method for 3D medical image segmentation models, enhancing robustness against adversarial attacks by leveraging frequency domain information.

Contribution

It proposes a novel 3D frequency domain adversarial attack and a corresponding adversarial training approach with frequency consistency loss for improved robustness.

Findings

Enhanced model robustness against frequency domain attacks

Better tradeoff between clean and adversarial sample performance

Publicly available code for reproducibility

Abstract

It is imperative to ensure the robustness of deep learning models in critical applications such as, healthcare. While recent advances in deep learning have improved the performance of volumetric medical image segmentation models, these models cannot be deployed for real-world applications immediately due to their vulnerability to adversarial attacks. We present a 3D frequency domain adversarial attack for volumetric medical image segmentation models and demonstrate its advantages over conventional input or voxel domain attacks. Using our proposed attack, we introduce a novel frequency domain adversarial training approach for optimizing a robust model against voxel and frequency domain attacks. Moreover, we propose frequency consistency loss to regulate our frequency domain adversarial training that achieves a better tradeoff between model's performance on clean and adversarial samples. Code is publicly available at https://github.com/asif-hanif/vafa.