On Evaluating Adversarial Robustness of Volumetric Medical Segmentation Models

TL;DR

This paper empirically evaluates the adversarial robustness of various volumetric medical segmentation models, revealing that transformer-based models are more robust and large-scale training enhances resilience against attacks.

Contribution

It provides a comprehensive robustness assessment of current volumetric segmentation architectures across multiple datasets and attack scenarios, highlighting the relative robustness of transformer models.

Findings

Transformer models show higher robustness than convolutional models.

Frequency-based attacks outperform pixel-based attacks in black box settings.

Large-scale training improves model robustness.

Abstract

Volumetric medical segmentation models have achieved significant success on organ and tumor-based segmentation tasks in recent years. However, their vulnerability to adversarial attacks remains largely unexplored, raising serious concerns regarding the real-world deployment of tools employing such models in the healthcare sector. This underscores the importance of investigating the robustness of existing models. In this context, our work aims to empirically examine the adversarial robustness across current volumetric segmentation architectures, encompassing Convolutional, Transformer, and Mamba-based models. We extend this investigation across four volumetric segmentation datasets, evaluating robustness under both white box and black box adversarial attacks. Overall, we observe that while both pixel and frequency-based attacks perform reasonably well under \emph{white box} setting, the latter performs significantly better under transfer-based black box attacks. Across our experiments, we observe transformer-based models show higher robustness than convolution-based models with Mamba-based models being the most vulnerable. Additionally, we show that large-scale training of volumetric segmentation models improves the model's robustness against adversarial attacks. The code and robust models are available at https://github.com/HashmatShadab/Robustness-of-Volumetric-Medical-Segmentation-Models.