Adversarial Defense for Medical Images

The rapid advancement of deep learning is significantly hindered by its vulnerability to adversarial attacks, a critical concern in sensitive domains like medicine where misclassification can have severe, irreversible consequences. This issue directly underscores prediction unreliability and is central to the goals of Explainable Artificial Intelligence (XAI) and Trustworthy AI. This study addresses this fundamental problem by evaluating the efficacy of denoising techniques against adversarial attacks on medical images. Our primary objective is to assess the performance of various denoising models. The authors generate a test set of adversarial medical images using the one-pixel attack method, which subtly modifies a minimal number of pixels to induce misclassification. The authors propose a novel autoencoder-based denoising model and evaluate it across four diverse medical image datasets: Derma, Pathology, OCT, and Chest. Denoising models were trained by introducing Impulse noise and subsequently tested on the adversarially attacked images, with effectiveness quantitatively evaluated using standard image quality metrics. The results demonstrate that the proposed denoising autoencoder model performs consistently well across all datasets. By mitigating catastrophic failures induced by sparse attacks, this work enhances system dependability and significantly contributes to the development of more robust and reliable deep learning applications for clinical practice. A key limitation is that the evaluation was confined to sparse, pixel-level attacks; robustness to dense, multi-pixel adversarial attacks, such as PGD or AutoAttack, is not guaranteed and requires future investigation.