Frequency Domain Adversarial Training for Robust Volumetric Medical Segmentation
This work addresses the critical need for robust deep learning models in healthcare applications, though it is incremental as it builds on existing adversarial training methods.
The authors tackled the vulnerability of volumetric medical image segmentation models to adversarial attacks by introducing a 3D frequency domain attack and a corresponding adversarial training method with frequency consistency loss, achieving improved robustness with trade-offs between clean and adversarial performance.
It is imperative to ensure the robustness of deep learning models in critical applications such as, healthcare. While recent advances in deep learning have improved the performance of volumetric medical image segmentation models, these models cannot be deployed for real-world applications immediately due to their vulnerability to adversarial attacks. We present a 3D frequency domain adversarial attack for volumetric medical image segmentation models and demonstrate its advantages over conventional input or voxel domain attacks. Using our proposed attack, we introduce a novel frequency domain adversarial training approach for optimizing a robust model against voxel and frequency domain attacks. Moreover, we propose frequency consistency loss to regulate our frequency domain adversarial training that achieves a better tradeoff between model's performance on clean and adversarial samples. Code is publicly available at https://github.com/asif-hanif/vafa.