Nothing Special   »   [go: up one dir, main page]
Skip to main content
Springer Nature Link
Log in

Defending Deep Learning-Based Biomedical Image Segmentation from Adversarial Attacks: A Low-Cost Frequency Refinement Approach

  • Conference paper
  • First Online:
Medical Image Computing and Computer Assisted Intervention – MICCAI 2020 (MICCAI 2020)

Part of the book series: Lecture Notes in Computer Science ((LNIP,volume 12264))

Abstract

Deep learning has demonstrated superb performance and efficiency in medical image segmentation. However, recently the community has also found the first practical adversarial example crafting algorithm dedicated to misleading deep learning-based biomedical image segmentation models. The generated segmentation-oriented adversarial examples, while almost indistinguishable by human eyes, can always produce target incorrect segmentation prediction with high intersection-over-union (IoU) rate, significantly concerning the safe use of such an emerging technique in medical diagnosis tasks. On the other hand, research on defending such an emerging attack in the context of medical image segmentation is lacking. In this work, we make the very first attempt to develop a low-cost and effective input-transformation based defense technique. To maximize the defense efficiency (or recovered segmentation results) of adversarial samples while minimizing the segmentation performance loss of benign samples after applying defense, we propose a novel low-cost image compression-based defense approach guided by fine-grained frequency refinement (FR). Extensive experimental results on various deep learning segmentation models show that our defense can offer very high defense efficiency against adversarial examples with very marginal segmentation performance loss of benign images on both ISIC skin lesion segmentation challenge and the problem of glaucoma optic disc segmentation. To further validate our method’s effectiveness, we also extend our evaluation to the image classification model. We show the influence of our recovered segmentation prediction by our defense on disease prediction in adversarial settings. The code is released at: https://github.com/qiliu08/frequency-refinement-defense.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 119.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 159.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Agrawal, V., Kori, A., Alex, V., Krishnamurthi, G.: Enhanced optic disk and cup segmentation with glaucoma screening from fundus images using position encoded CNNs. arXiv preprint arXiv:1809.05216 (2018)

  2. Anand: isic 2018 github (2019). https://github.com/cygnus77/isic-2018

  3. Carlini, N., Wagner, D.: Towards evaluating the robustness of neural networks. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 39–57. IEEE (2017)

    Google Scholar 

  4. Chen, H., Dou, Q., Yu, L., Qin, J., Heng, P.A.: Voxresnet: deep voxelwise residual networks for brain segmentation from 3D MR images. NeuroImage 170, 446–455 (2018)

    Article  Google Scholar 

  5. Codella, N.C., et al.: Skin lesion analysis toward melanoma detection: a challenge at the 2017 international symposium on biomedical imaging (isbi), hosted by the international skin imaging collaboration (isic). In: 2018 IEEE 15th International Symposium on Biomedical Imaging (ISBI 2018), pp. 168–172. IEEE (2018)

    Google Scholar 

  6. Deng, J., Dong, W., Socher, R., Li, L.J., Li, K., Fei-Fei, L.: Imagenet: a large-scale hierarchical image database. In: 2009 IEEE Conference on Computer Vision and Pattern Recognition, pp. 248–255. IEEE (2009)

    Google Scholar 

  7. Finlayson, S.G., Chung, H.W., Kohane, I.S., Beam, A.L.: Adversarial attacks against medical deep learning systems. arXiv preprint arXiv:1804.05296 (2018)

  8. Goodfellow, I.J., Shlens, J., Szegedy, C.: Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014)

  9. He, K., Zhang, X., Ren, S., Sun, J.: Deep residual learning for image recognition. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778 (2016)

    Google Scholar 

  10. Huang, G., Liu, Z., Van Der Maaten, L., Weinberger, K.Q.: Densely connected convolutional networks. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 4700–4708 (2017)

    Google Scholar 

  11. Liu, Q., Liu, T., Liu, Z., Wang, Y., Jin, Y., Wen, W.: Security analysis and enhancement of model compressed deep learning systems under adversarial attacks. In: 2018 23rd Asia and South Pacific Design Automation Conference (ASP-DAC), pp. 721–726. IEEE (2018)

    Google Scholar 

  12. Liu, Z., et al.: Machine vision guided 3d medical image compression for efficient transmission and accurate segmentation in the clouds. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 12687–12696 (2019)

    Google Scholar 

  13. Milletari, F., Navab, N., Ahmadi, S.A.: V-net: fully convolutional neural networks for volumetric medical image segmentation. In: 2016 Fourth International Conference on 3D Vision (3DV), pp. 565–571. IEEE (2016)

    Google Scholar 

  14. Ozbulak, U., Van Messem, A., De Neve, W.: Impact of adversarial examples on deep learning models for biomedical image segmentation. In: Shen, D., et al. (eds.) MICCAI 2019. LNCS, vol. 11765, pp. 300–308. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32245-8_34

    Chapter  Google Scholar 

  15. Reininger, R., Gibson, J.: Distributions of the two-dimensional DCT coefficients for images. IEEE Trans. Commun. 31(6), 835–839 (1983)

    Article  Google Scholar 

  16. Ronneberger, O., Fischer, P., Brox, T.: U-Net: convolutional networks for biomedical image segmentation. In: Navab, N., Hornegger, J., Wells, W.M., Frangi, A.F. (eds.) MICCAI 2015. LNCS, vol. 9351, pp. 234–241. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-24574-4_28

    Chapter  Google Scholar 

  17. Sivaswamy, J., Krishnadas, S., Chakravarty, A., Joshi, G., Tabish, A.S., et al.: A comprehensive retinal image dataset for the assessment of glaucoma from the optic nerve head analysis. JSM Biomed. Imaging Data Papers 2(1), 1004 (2015)

    Google Scholar 

  18. Wallace, G.K.: The jpeg still picture compression standard. IEEE Trans. ConsumElectron. 38(1), xviii–xxxiv (1992)

    Google Scholar 

Download references

Acknowledgements

This work was supported in part by NSF Grants CNS-2011260 and SPX-2006748.

Author information

Authors and Affiliations

  1. Lehigh University, Bethlehem, PA, 18015, USA

    Qi Liu, Han Jiang & Wujie Wen

  2. Florida International University, Miami, FL, 33199, USA

    Tao Liu & Zihao Liu

  3. Alibaba DAMO Academy, Sunnyvale, CA, USA

    Sicheng Li

  4. University of Notre Dame, Notre Dame, IN, 46556, USA

    Yiyu Shi

Authors
  1. Qi Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Han Jiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tao Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zihao Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Sicheng Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Wujie Wen
    View author publications

    You can also search for this author in PubMed Google Scholar

  7. Yiyu Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qi Liu .

Editor information

Editors and Affiliations

  1. University of Toronto, Toronto, ON, Canada

    Anne L. Martel

  2. The University of British Columbia, Vancouver, BC, Canada

    Purang Abolmaesumi

  3. University College London, London, UK

    Danail Stoyanov

  4. École Centrale de Nantes, Nantes, France

    Diana Mateus

  5. EURECOM, Biot, France

    Maria A. Zuluaga

  6. Chinese Academy of Sciences, Beijing, China

    S. Kevin Zhou

  7. Sorbonne University, Paris, France

    Daniel Racoceanu

  8. The Hebrew University of Jerusalem, Jerusalem, Israel

    Leo Joskowicz

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Liu, Q. et al. (2020). Defending Deep Learning-Based Biomedical Image Segmentation from Adversarial Attacks: A Low-Cost Frequency Refinement Approach. In: Martel, A.L., et al. Medical Image Computing and Computer Assisted Intervention – MICCAI 2020. MICCAI 2020. Lecture Notes in Computer Science(), vol 12264. Springer, Cham. https://doi.org/10.1007/978-3-030-59719-1_34

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-59719-1_34

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59718-4

  • Online ISBN: 978-3-030-59719-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation