Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Is Mamba Reliable for Medical Imaging?

Banafsheh Saber Latibari, Najmeh Nazari, Daniel Brignac, Hossein Sayadi, Houman Homayoun, Abhijit Mahalanobis

TL;DR

The paper tackles the reliability of Mamba-based medical imaging models under both software and hardware threat models. It combines a broad input-level robustness evaluation (FGSM, PGD, information drop, and corruptions) with a hardware-inspired bit-flip analysis (random, layer-wise, and worst-case) to reveal vulnerability patterns across MedMNIST datasets. Key findings show that, despite high clean accuracy, PGD can severely degrade performance and that even a single high-impact exponent-bit flip can collapse accuracy to near-random levels, particularly in early feature extractors and SSM modules. The work highlights the need for adversarially robust and fault-tolerant training and deployment strategies before clinical use, emphasizing practical safeguards for memory faults and distribution shifts.

Abstract

State-space models like Mamba offer linear-time sequence processing and low memory, making them attractive for medical imaging. However, their robustness under realistic software and hardware threat models remains underexplored. This paper evaluates Mamba on multiple MedM-NIST classification benchmarks under input-level attacks, including white-box adversarial perturbations (FGSM/PGD), occlusion-based PatchDrop, and common acquisition corruptions (Gaussian noise and defocus blur) as well as hardware-inspired fault attacks emulated in software via targeted and random bit-flip injections into weights and activations. We profile vulnerabilities and quantify impacts on accuracy indicating that defenses are needed for deployment.

Is Mamba Reliable for Medical Imaging?

TL;DR

The paper tackles the reliability of Mamba-based medical imaging models under both software and hardware threat models. It combines a broad input-level robustness evaluation (FGSM, PGD, information drop, and corruptions) with a hardware-inspired bit-flip analysis (random, layer-wise, and worst-case) to reveal vulnerability patterns across MedMNIST datasets. Key findings show that, despite high clean accuracy, PGD can severely degrade performance and that even a single high-impact exponent-bit flip can collapse accuracy to near-random levels, particularly in early feature extractors and SSM modules. The work highlights the need for adversarially robust and fault-tolerant training and deployment strategies before clinical use, emphasizing practical safeguards for memory faults and distribution shifts.

Abstract

State-space models like Mamba offer linear-time sequence processing and low memory, making them attractive for medical imaging. However, their robustness under realistic software and hardware threat models remains underexplored. This paper evaluates Mamba on multiple MedM-NIST classification benchmarks under input-level attacks, including white-box adversarial perturbations (FGSM/PGD), occlusion-based PatchDrop, and common acquisition corruptions (Gaussian noise and defocus blur) as well as hardware-inspired fault attacks emulated in software via targeted and random bit-flip injections into weights and activations. We profile vulnerabilities and quantify impacts on accuracy indicating that defenses are needed for deployment.
Paper Structure (18 sections, 9 equations, 2 figures, 5 tables, 3 algorithms)

This paper contains 18 sections, 9 equations, 2 figures, 5 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Med-Mamba-Adv: Input-level perturbation for Mamba-based Medical Imaging
  4. White box Adversarial Attack
  5. FGSM
  6. PGD
  7. Information Drop Robustness
  8. Information Corruption Robustness
  9. Med-Mamba-Hammer: Hardware-Level bit-flip attack for Mamba-based Medical Imaging
  10. Threat Model
  11. Bit-Flip Injection Model
  12. Attack Variants
  13. Experiments
  14. Datasets
  15. Model and Training Protocol
  16. ...and 3 more sections

Figures (2)

  • Figure 1: Architecture of Vision Mamba
  • Figure 2: Overview of the threat model and evaluation pipeline for medical image classification. We consider input-level attacks including information corruption, information drop, and white-box adversarial perturbations, as well as hardware-level fault attacks such as random and layer-wise bit flips (e.g., Rowhammer-induced DRAM faults). The diagram highlights how these disturbances can propagate through the model and potentially lead to incorrect clinical predictions (misdiagnosis).