Skip to main content
SpringerLink
Log in
Book cover

MICCAI Workshop on Resource-Efficient Medical Image Analysis

REMIA 2022: Resource-Efficient Medical Image Analysis pp 65–74Cite as

An Efficient Defending Mechanism Against Image Attacking on Medical Image Segmentation Models

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13543))

Abstract

Image attacking has been studied for a long time. However, in reality, the number of research on defending against the attacks on segmentation models is still limited especially for medical imaging. To fill this research gap, we propose a novel defending mechanism against adversarial attacks for the segmentation models. We focus on segmentation as robustness improvement on segmentation is much more challenging due to its dense nature, and segmentation is at the center of medical imaging tasks. In this paper, we are the first time to employ Transformer as a technique to protect the segmentation models from attacks. Our result on several medical well-known benchmark datasets shows that the proposed defending mechanism to enhance the segmentation models is effective with high scores and better compared to other strong methods.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   44.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   59.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Badrinarayanan, V., Kendall, A., Cipolla, R.: SegNet: a deep convolutional encoder-decoder architecture for image segmentation. CVPR, pp. 1–13 (2015)

    Google Scholar 

  2. Buda, M., AshirbaniSaha, Mazurowski, M.A.: Association of genomic subtypes of lower-grade gliomas with shape features automatically extracted by a deep learning algorithm. https://www.kaggle.com/mateuszbuda/lgg-mri-segmentation

  3. Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: IEEE Symposium on Security and Privacy (SP), pp. 1–15 (2017)

    Google Scholar 

  4. Chen, L.C., Zhu, Y., Papandreou, G., Schroff, F., Adam, H.: Encoder-decoder with atrous separable convolution for semantic image segmentation. In: ECCV, pp. 1–14 (2018)

    Google Scholar 

  5. FeiLi, et al.: Refuge: retinal fundus glaucoma challenge. https://refuge.grand-challenge.org/REFUGE2Download/

  6. Gao, Y., Fawaz, K.: Scale-Adv: a joint attack on image-scaling and machine learning classifiers. CC, pp. 1–32 (2021)

    Google Scholar 

  7. He, X., Yang, S., Li, G., Li, H., Chang, H., Yu, Y.: Non-local context encoder: robust biomedical image segmentation against adversarial attacks. In: AAAI, pp. 3–5 (2019)

    Google Scholar 

  8. Huang, G., Liu, Z., van der Maaten, L., Weinberger, K.Q.: Densely connected convolutional networks. In: CVPR, pp. 1–9 (2017)

    Google Scholar 

  9. Jun, M., et al.: COVID-19 CT lung and infection segmentation dataset. https://zenodo.org/record/3757476#.YhoKnOhBzDd

  10. Kurakin, A., Goodfellow, I.J., Bengio, S.: Adversarial machine learning at scale. ICLR, pp. 3–4 (2017)

    Google Scholar 

  11. Liao, F., Liang, M., Dong, Y., Pang, T., Huy, X., Zhu, J.: Defense against adversarial attacks using high-level representation guided denoiser. In: CVPR, pp. 1–8 (2018)

    Google Scholar 

  12. Liu, Q., et al.: Defending deep learning-based biomedical image segmentation from adversarial attacks: a low-cost frequency refinement approach. In: Martel, A.L., et al. (eds.) MICCAI 2020. LNCS, vol. 12264, pp. 342–351. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59719-1_34

    Chapter  Google Scholar 

  13. Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. In: ICLR, pp. 3–4 (2019)

    Google Scholar 

  14. Ozbulak, U., Van Messem, A., De Neve, W.: Impact of adversarial examples on deep learning models for biomedical image segmentation. In: Shen, S., et al. (eds.) MICCAI 2019. LNCS, vol. 11765, pp. 300–308. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32245-8_34

    Chapter  Google Scholar 

  15. Qiu, H., Xiao, C., Yang, L., Yan, X., Lee, H., Li, B.: SemanticAdv: generating adversarial examples via attribute-conditioned image editing. In: Vedaldi, A., Bischof, H., Brox, T., Frahm, J.-M. (eds.) ECCV 2020. LNCS, vol. 12359, pp. 19–37. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-58568-6_2

    Chapter  Google Scholar 

  16. Ronneberger, O., Fischer, P., Brox, T.: U-Net: convolutional networks for biomedical image segmentation. In: Navab, N., Hornegger, J., Wells, W.M., Frangi, A.F. (eds.) MICCAI 2015. LNCS, vol. 9351, pp. 234–241. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24574-4_28

    Chapter  Google Scholar 

  17. Roy, A.G., Conjeti, S., Sheet, D., Katouzian, A., Navab, N., Wachinger, C.: Error corrective boosting for learning fully convolutional networks with limited data. In: Descoteaux, M., Maier-Hein, L., Franz, A., Jannin, P., Collins, D.L., Duchesne, S. (eds.) MICCAI 2017. LNCS, vol. 10435, pp. 231–239. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66179-7_27

    Chapter  Google Scholar 

  18. Wang, W., et al.: PVT v2: Improved baselines with Pyramid Vision Transformer. Comput. Vis. Media 8, 1–10 (2022). https://doi.org/10.1007/s41095-022-0274-8

    Article  Google Scholar 

  19. Wang, Z., Cun, X., Bao, J., Zhou, W., Liu, J., Li, H.: Uformer: a general u-shaped transformer for image restoration. arXiv:abs/2106.03106, pp. 1–8 (2021)

  20. Wang, Z., Simoncelli, E.P., Bovik, A.C.: Multi-scale structural similarity for image quality assessment. In: ACSSC, pp. 1–4 (2003)

    Google Scholar 

  21. Xiao, Q., Chen, Y., Shen, C., Chen, Y., Li, K.: Seeing is not believing: camouflage attacks on image scaling algorithms. In: 28th USENIX Security Symposium, USENIX Security 2019, Santa Clara, CA, USA, pp. 1–32 (2019)

    Google Scholar 

  22. Xie, C., Wu, Y., van der Maaten, L., Yuille, A., He, K.: Feature denoising for improving adversarial robustness. In: CVPR, pp. 2–8 (2019)

    Google Scholar 

  23. Xie, C., Wang, J., Zhang, Z., Zhou, Y., Xie1, L., Yuille, A.: Adversarial examples for semantic segmentation and object detection. In: ICCV, pp. 1–12 (2017)

    Google Scholar 

  24. Xu, X., Zhao, H., Jia, J.: Dynamic divide-and-conquer adversarial training for robust semantic segmentation. In: CVPR, pp. 2–8 (2020)

    Google Scholar 

  25. Zhang, L., Zhang, L., Mou, X., Zhang, D.: FSIM: a feature similarity index for image quality assessment. IEEE Trans. Image Process. pp. 1–19 (2011)

    Google Scholar 

  26. Zhang, S., et al.: Attention guided network for retinal image segmentation. In: Shen, D., et al. (eds.) MICCAI 2019. LNCS, vol. 11764, pp. 797–805. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32239-7_88

    Chapter  Google Scholar 

Download references

Acknowledgements

This work was supported by A*STAR Advanced Manufacturing and Engineering (AME) Programmatic Fund (A20H4b0141);

Author information

Authors and Affiliations

  1. Institute of High Performance Computing, A*STAR, Singapore, Singapore

    Linh D. Le, Huazhu Fu, Xinxing Xu, Yong Liu, Yanyu Xu, Jiawei Du, Joey T. Zhou & Rick Goh

Authors
  1. Linh D. Le
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Huazhu Fu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Xinxing Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yong Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Yanyu Xu
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Jiawei Du
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Joey T. Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  8. Rick Goh
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Linh D. Le .

Editor information

Editors and Affiliations

  1. Institute of High Performance Computing, Singapore, Singapore

    Xinxing Xu

  2. Hong Kong University of Science and Technology, Hong Kong, China

    Xiaomeng Li

  3. Inception Institute of Artificial Intelligence, Abu Dhabi, United Arab Emirates

    Dwarikanath Mahapatra

  4. University of Alberta, Edmonton, AB, Canada

    Li Cheng

  5. University of Rouen, Rouen, France

    Caroline Petitjean

  6. Institute of High Performance Computing, Singapore, Singapore

    Huazhu Fu

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Le, L.D. et al. (2022). An Efficient Defending Mechanism Against Image Attacking on Medical Image Segmentation Models. In: Xu, X., Li, X., Mahapatra, D., Cheng, L., Petitjean, C., Fu, H. (eds) Resource-Efficient Medical Image Analysis. REMIA 2022. Lecture Notes in Computer Science, vol 13543. Springer, Cham. https://doi.org/10.1007/978-3-031-16876-5_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-16876-5_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-16875-8

  • Online ISBN: 978-3-031-16876-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation