Defending Against Adversarial Attacks On Medical Imaging Ai System, Classification Or Detection?

Medical imaging AI systems such as disease classification and segmentation are increasingly inspired and transformed from computer vision based AI systems. Although an array of adversarial training and/or loss function based defense techniques have been developed and proved to be effective in computer vision, defending against adversarial attacks on medical images remains largely an uncharted territory due to the following unique challenges: 1) label scarcity in medical images significantly limits adversarial generalizability of the AI system; 2) vastly similar and dominant fore- and background in medical images make it hard samples for learning the discriminating features between different disease classes; and 3) crafted adversarial noises added to the entire medical image as opposed to the focused organ target can make clean and adversarial examples more discriminate than that between different disease classes. In this paper, we propose a novel robust medical imaging AI framework based on Semi-Supervised Adversarial Training (SSAT) and Unsupervised Adversarial Detection (UAD), followed by designing a new measure for assessing systems adversarial risk. We systematically demonstrate the advantages of our robust medical imaging AI system over the existing adversarial defense techniques under diverse real-world settings of adversarial attacks using a benchmark OCT imaging data set.

[1]  Dongxiao Zhu,et al.  Improving Adversarial Robustness via Probabilistically Compact Loss with Logit Constraints , 2020, AAAI.

[2]  Aleksander Madry,et al.  Towards Deep Learning Models Resistant to Adversarial Attacks , 2017, ICLR.

[3]  Dongxiao Zhu,et al.  On the Learning Property of Logistic and Softmax Losses for Deep Neural Networks , 2020, AAAI.

[4]  Wei Wei,et al.  Improving Adversarial Robustness via Guided Complement Entropy , 2019, 2019 IEEE/CVF International Conference on Computer Vision (ICCV).

[5]  Andrew Y. Ng,et al.  CheXNet: Radiologist-Level Pneumonia Detection on Chest X-Rays with Deep Learning , 2017, ArXiv.

[6]  Wesley De Neve,et al.  Impact of Adversarial Examples on Deep Learning Models for Biomedical Image Segmentation , 2019, MICCAI.

[7]  Po-Sen Huang,et al.  Are Labels Required for Improving Adversarial Robustness? , 2019, NeurIPS.

[8]  Xin Li,et al.  Robust Detection of Adversarial Attacks on Medical Images , 2020, 2020 IEEE 17th International Symposium on Biomedical Imaging (ISBI).

[9]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[10]  Gaël Varoquaux,et al.  Scikit-learn: Machine Learning in Python , 2011, J. Mach. Learn. Res..

[11]  Xin Li,et al.  Vispi: Automatic Visual Perception and Interpretation of Chest X-rays , 2019, ArXiv.

[12]  Nassir Navab,et al.  Generalizability vs. Robustness: Adversarial Examples for Medical Imaging , 2018, ArXiv.

[13]  Xiaolin Huang,et al.  Pulmonary nodule segmentation with CT sample synthesis using adversarial networks , 2019, Medical physics.

[14]  Takaya Saito,et al.  The Precision-Recall Plot Is More Informative than the ROC Plot When Evaluating Binary Classifiers on Imbalanced Datasets , 2015, PloS one.

[15]  Ayman El-Baz,et al.  Classification of retinal diseases based on OCT Images. , 2018, Frontiers in bioscience.

[16]  James Bailey,et al.  Understanding Adversarial Attacks on Deep Learning Based Medical Image Analysis Systems , 2019, Pattern Recognit..

[17]  Andrew L. Beam,et al.  Adversarial Attacks Against Medical Deep Learning Systems , 2018, ArXiv.

[18]  James Bailey,et al.  Characterizing Adversarial Subspaces Using Local Intrinsic Dimensionality , 2018, ICLR.

[19]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.

[20]  Dan Boneh,et al.  Ensemble Adversarial Training: Attacks and Defenses , 2017, ICLR.

[21]  Ghassan Hamarneh,et al.  Vulnerability Analysis of Chest X-Ray Image Classification Against Adversarial Attacks , 2018, MLCN/DLF/iMIMIC@MICCAI.

[22]  Ayman El-Baz,et al.  A new CNN-based system for early diagnosis of prostate cancer , 2018, 2018 IEEE 15th International Symposium on Biomedical Imaging (ISBI 2018).

[23]  Ghassan Hamarneh,et al.  A Kernelized Manifold Mapping to Diminish the Effect of Adversarial Perturbations , 2019, 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[24]  Yizhou Yu,et al.  Non-Local Context Encoder: Robust Biomedical Image Segmentation against Adversarial Attacks , 2019, AAAI.

[25]  Jian Sun,et al.  Deep Residual Learning for Image Recognition , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[26]  Daniel S. Kermany,et al.  Identifying Medical Diagnoses and Treatable Diseases by Image-Based Deep Learning , 2018, Cell.

[27]  Ryan R. Curtin,et al.  Detecting Adversarial Samples from Artifacts , 2017, ArXiv.

[28]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.