Susceptibility of Adversarial Attack on Medical Image Segmentation Models

TL;DR

This paper investigates the vulnerability of medical image segmentation models, specifically U-Net variants trained on MRI data, to adversarial attacks like FGSM, revealing significant susceptibility and insights into attack effectiveness.

Contribution

The study demonstrates that medical segmentation models are vulnerable to adversarial attacks and shows that different loss functions influence attack success, challenging previous assumptions.

Findings

Segmentation models are vulnerable to FGSM attacks

No significant correlation between model size and attack success

Different loss functions affect attack effectiveness

Abstract

The nature of deep neural networks has given rise to a variety of attacks, but little work has been done to address the effect of adversarial attacks on segmentation models trained on MRI datasets. In light of the grave consequences that such attacks could cause, we explore four models from the U-Net family and examine their responses to the Fast Gradient Sign Method (FGSM) attack. We conduct FGSM attacks on each of them and experiment with various schemes to conduct the attacks. In this paper, we find that medical imaging segmentation models are indeed vulnerable to adversarial attacks and that there is a negligible correlation between parameter size and adversarial attack success. Furthermore, we show that using a different loss function than the one used for training yields higher adversarial attack success, contrary to what the FGSM authors suggested. In future efforts, we will conduct the experiments detailed in this paper with more segmentation models and different attacks. We will also attempt to find ways to counteract the attacks by using model ensembles or special data augmentations. Our code is available at https://github.com/ZhongxuanWang/adv_attk