Adversarial-Robust Transfer Learning for Medical Imaging via Domain Assimilation
Xiaohui Chen, Tie Luo
TL;DR
This work addresses the vulnerability of transfer-learned medical imaging models to adversarial attacks due to domain discrepancies between natural and medical images. It introduces Domain Assimilation, comprising a texture module and a colorization module, augmented by a GLCM-based texture-preservation loss to minimize distortion while aligning with natural-image priors. The method is evaluated across MRI, CT, X-ray, and Ultrasound datasets against gradient-based attacks such as FGSM, BIM, MIFGSM, and PGD, demonstrating enhanced robustness and competitive accuracy on most modalities, with Ultrasound remaining challenging. Overall, the approach advances trustworthy transfer learning in biomedical imaging by mitigating adversarial risk through texture preservation and controlled color adaptation.
Abstract
In the field of Medical Imaging, extensive research has been dedicated to leveraging its potential in uncovering critical diagnostic features in patients. Artificial Intelligence (AI)-driven medical diagnosis relies on sophisticated machine learning and deep learning models to analyze, detect, and identify diseases from medical images. Despite the remarkable performance of these models, characterized by high accuracy, they grapple with trustworthiness issues. The introduction of a subtle perturbation to the original image empowers adversaries to manipulate the prediction output, redirecting it to other targeted or untargeted classes. Furthermore, the scarcity of publicly available medical images, constituting a bottleneck for reliable training, has led contemporary algorithms to depend on pretrained models grounded on a large set of natural images, a practice referred to as transfer learning. However, a significant domain discrepancy exists between natural and medical images, which causes AI models resulting from transfer learning to exhibit heightened vulnerability to adversarial attacks. This paper proposes a domain assimilation approach that introduces texture and color adaptation into transfer learning, followed by a texture preservation component to suppress undesired distortion. We systematically analyze the performance of transfer learning in the face of various adversarial attacks under different data modalities, with the overarching goal of fortifying the model's robustness and security in medical imaging tasks. The results demonstrate high effectiveness in reducing attack efficacy, contributing toward more trustworthy transfer learning in biomedical applications.
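As an added illustration (not code from the paper or its authors), the sketch below shows what a gray-level co-occurrence matrix (GLCM) measures and why a GLCM-based term can flag texture distortion that an intensity histogram would miss. The L1 distance, the 4-level quantization, the pixel offsets and the constructed 4x4 images are assumptions; the page does not specify the paper's actual loss.

```python
# Added example: GLCM texture statistics and a simple distance between them.
# Assumption: this is NOT the paper's loss, only a plain GLCM comparison.

def quantize(img, levels, max_val=255):
    """Map pixel values 0..max_val onto gray-level bins 0..levels-1."""
    return [[min(p * levels // (max_val + 1), levels - 1) for p in row] for row in img]

def glcm(img, levels=4, offset=(0, 1), max_val=255):
    """Normalized, symmetric co-occurrence matrix for one (dy, dx) offset."""
    q = quantize(img, levels, max_val)
    h, w = len(q), len(q[0])
    dy, dx = offset
    counts = [[0.0] * levels for _ in range(levels)]
    total = 0
    for y in range(h):
        for x in range(w):
            y2, x2 = y + dy, x + dx
            if 0 <= y2 < h and 0 <= x2 < w:
                a, b = q[y][x], q[y2][x2]
                counts[a][b] += 1   # count the pair in both directions
                counts[b][a] += 1   # so the matrix is symmetric
                total += 2
    if total == 0:
        raise ValueError("offset leaves no pixel pairs in this image")
    return [[c / total for c in row] for row in counts]

def texture_distance(img_a, img_b, levels=4, offsets=((0, 1), (1, 0))):
    """Mean L1 distance between GLCMs over the offsets (0 = same statistics, max 2)."""
    d = 0.0
    for off in offsets:
        ga, gb = glcm(img_a, levels, off), glcm(img_b, levels, off)
        d += sum(abs(x - y) for ra, rb in zip(ga, gb) for x, y in zip(ra, rb))
    return d / len(offsets)

def histogram(img):
    """Sorted pixel values: identical for images that differ only in layout."""
    return sorted(p for row in img for p in row)

# Constructed 4x4 samples (not medical data).
STRIPES = [[0, 0, 255, 255] for _ in range(4)]            # vertical bands
CHECKER = [[0 if (x + y) % 2 == 0 else 255 for x in range(4)] for y in range(4)]
BRIGHTER = [[p + 10 if p < 200 else p for p in row] for row in STRIPES]

if __name__ == "__main__":
    print("same histogram:", histogram(STRIPES) == histogram(CHECKER))
    print("stripes vs checker:", texture_distance(STRIPES, CHECKER))
    print("stripes vs brighter stripes:", texture_distance(STRIPES, BRIGHTER))
```

The two patterns share one histogram yet sit far apart in GLCM space, while a small brightness shift that stays inside the same gray-level bins leaves the GLCM unchanged.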
