Adversarially Robust Feature Learning for Breast Cancer Diagnosis

TL;DR

The paper tackles adversarial vulnerability in breast cancer diagnosis by proposing Adversarially RobuSt Feature Learning (ARFL), a regularization that promotes strong feature-label correlations through a robust loss integrated into a minimax training framework over mixed standard and adversarial data. The robust loss, defined as $L_{robust}(\theta, x, y) = -(1/(HW)) * \sum_{i=1}^H \sum_{j=1}^W sigma(|f_{i,j}(\theta, x) * y|)$, guides the model to emphasize high-quality imaging features; the overall objective combines this with the standard cross-entropy loss via a weight $\lambda$, and training mixes data via a ratio $r$. Across synthetic and two real mammography datasets (Institution A and CMMD), dual adversarial training with ARFL achieves superior robustness (higher adversarial and mean AUC/accuracy) compared to DSBN, TRADES, and MIRST, while maintaining or improving performance on clean data. The results demonstrate ARFL's ability to learn discriminative, robust imaging features and provide practical guidance on mixing standard and adversarial data for safer clinical deployment.

Abstract

Adversarial data can lead to malfunction of deep learning applications. It is essential to develop deep learning models that are robust to adversarial data while accurate on standard, clean data. In this study, we proposed a novel adversarially robust feature learning (ARFL) method for a real-world application of breast cancer diagnosis. ARFL facilitates adversarial training using both standard data and adversarial data, where a feature correlation measure is incorporated as an objective function to encourage learning of robust features and restrain spurious features. To show the effects of ARFL in breast cancer diagnosis, we built and evaluated diagnosis models using two independent clinically collected breast imaging datasets, comprising a total of 9,548 mammogram images. We performed extensive experiments showing that our method outperformed several state-of-the-art methods and that our method can enhance safer breast cancer diagnosis against adversarial attacks in clinical settings.

Figures (7)

• Figure 1: We propose a novel method, adversarially robust feature learning (ARFL), which employs $\mathbf{L}_{\mathbf{robust}}(\mathbf{\theta}, \mathbf{x}, \mathbf{y})$ regularization to learn classification features that are robust on both standard and adversarial data to enhance breast cancer diagnosis.
• Figure 2: Overview of the Adversarially Robust Feature Learning (ARFL) framework for breast cancer diagnosis. This figure illustrates the ARFL architecture utilizing both standard and adversarial mammographic data as inputs ($\mathbf{x}$). The adversarial training with ARFL focuses on extracting robust features $\mathbf{f}(\mathbf{\theta}, \mathbf{x})$ for computing the robust loss $\mathbf{L}_{\mathbf{robust}}$. The ARFL approach is designed to enhance the identification of features that are robust on both standard and adversarial data while minimizing the influence of less relevant features.
• Figure 3: Comparisons of adversarially robust feature learning (ARFL)'s effect on dual adversarial training joel2022using on the two-moon dataset. The subfigures represent results from a multilayer perceptron subjected to the respective training settings, without ARFL (first row, i.e., Figure 3A and 3B) and with ARFL (second row, i.e., Figure 3C and 3D). The left column shows 50 samples randomly selected from standard test set, while the right column shows 50 samples randomly selected from the adversarial test set. ARFL is able to improve the shape learning of the latent data distribution, as seen from comparing the decision boundaries of Figures 3A vs. 3C or Figures 3B vs. 3D.
• Figure 4: Robustness analysis of parameter (the mixing ratio of standard data relative to total data). Shown are the AUC values with respect to varying values. Error bars reflect standard deviations. Note that at the same values, the display of the red markers and error bars are purposely shifted a little bit to the right, for better visualization (avoiding overlap).
• Figure 5: Feature saliency maps of mammogram images from models trained using dual adversarial training with and without the integration of ARFL. The color bar represents the scaled gradients between zero and one. More regions with sharp contrast indicate more important features.