Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Survey on Adversarial Attack and Defense for Medical Image Analysis: Methods and Challenges

Junhao Dong, Junxi Chen, Xiaohua Xie, Jianhuang Lai, Hao Chen

TL;DR

This exposition presents a comprehensive survey on recent advances in adversarial attacks and defenses for medical image analysis with a systematic taxonomy in terms of the application scenario and establishes a new benchmark for adversarially robust medical diagnosis models obtained by adversarial training under various scenarios.

Abstract

Deep learning techniques have achieved superior performance in computer-aided medical image analysis, yet they are still vulnerable to imperceptible adversarial attacks, resulting in potential misdiagnosis in clinical practice. Oppositely, recent years have also witnessed remarkable progress in defense against these tailored adversarial examples in deep medical diagnosis systems. In this exposition, we present a comprehensive survey on recent advances in adversarial attacks and defenses for medical image analysis with a systematic taxonomy in terms of the application scenario. We also provide a unified framework for different types of adversarial attack and defense methods in the context of medical image analysis. For a fair comparison, we establish a new benchmark for adversarially robust medical diagnosis models obtained by adversarial training under various scenarios. To the best of our knowledge, this is the first survey paper that provides a thorough evaluation of adversarially robust medical diagnosis models. By analyzing qualitative and quantitative results, we conclude this survey with a detailed discussion of current challenges for adversarial attack and defense in medical image analysis systems to shed light on future research directions. Code is available on \href{https://github.com/tomvii/Adv_MIA}{\color{red}{GitHub}}.

Survey on Adversarial Attack and Defense for Medical Image Analysis: Methods and Challenges

TL;DR

This exposition presents a comprehensive survey on recent advances in adversarial attacks and defenses for medical image analysis with a systematic taxonomy in terms of the application scenario and establishes a new benchmark for adversarially robust medical diagnosis models obtained by adversarial training under various scenarios.

Abstract

Deep learning techniques have achieved superior performance in computer-aided medical image analysis, yet they are still vulnerable to imperceptible adversarial attacks, resulting in potential misdiagnosis in clinical practice. Oppositely, recent years have also witnessed remarkable progress in defense against these tailored adversarial examples in deep medical diagnosis systems. In this exposition, we present a comprehensive survey on recent advances in adversarial attacks and defenses for medical image analysis with a systematic taxonomy in terms of the application scenario. We also provide a unified framework for different types of adversarial attack and defense methods in the context of medical image analysis. For a fair comparison, we establish a new benchmark for adversarially robust medical diagnosis models obtained by adversarial training under various scenarios. To the best of our knowledge, this is the first survey paper that provides a thorough evaluation of adversarially robust medical diagnosis models. By analyzing qualitative and quantitative results, we conclude this survey with a detailed discussion of current challenges for adversarial attack and defense in medical image analysis systems to shed light on future research directions. Code is available on \href{https://github.com/tomvii/Adv_MIA}{\color{red}{GitHub}}.
Paper Structure (33 sections, 6 equations, 5 figures, 15 tables)

This paper contains 33 sections, 6 equations, 5 figures, 15 tables.

Table of Contents

  1. Introduction
  2. Background
  3. Medical Adversarial Attacks
  4. Taxonomy of Adversarial Attacks
  5. Summary of Medical Attack Works
  6. White-box Attacks
  7. Semi-white-box Attacks
  8. Black-box Attacks
  9. Restricted Black-box (No-box) Attacks
  10. Medical Adversarial Defenses
  11. Taxonomy of Adversarial Defenses
  12. Summary of Medical Defense Works
  13. Adversarial Training
  14. Adversarial Detection
  15. Image-level Pre-processing
  16. ...and 18 more sections

Figures (5)

  • Figure 1: Number of publications per year related to adversarial attack and defense for medical image analysis, inclusive of data up to September 2024.
  • Figure 2: Outline of our Survey: Starting with the background of adversarial machine learning and medical image analysis, we comprehensively review recent advancements in medical adversarial attack and defense mechanisms. We also evaluate the robustness of medical diagnosis models against adversarial attacks and conclude with a discussion on current challenges, providing insights into potential research directions.
  • Figure 3: Taxonomy of medical adversarial attacks in terms of application scenarios. Following chen2017zoodong2022restricted, we categorize adversarial attack methods into four classes according to the degrees of accessible knowledge, including Backward Propagation (BP) gradients of target DNN during the training and inference stage of the adversary generator. "Query" represents the accessibility to outputs of the target DNN.
  • Figure 4: Visualization of medical adversarial examples with predictions under diverse perturbation size $\epsilon$. The generated segmentation masks are superimposed on the original images for visualization.
  • Figure 5: Heat-map visualization of medical adversarial examples under diverse attack strengths $\epsilon$ corresponding to NATurally (NAT) and ADVersarially (ADV) trained classification models.