Evaluating and enhancing the robustness of vision transformers against adversarial attacks in medical imaging.

IF 2.6 4区医学 Q2 COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS

Medical & Biological Engineering & Computing Pub Date : 2024-10-25 DOI:10.1007/s11517-024-03226-5

Elif Kanca, Selen Ayas, Elif Baykal Kablan, Murat Ekinci

{"title":"Evaluating and enhancing the robustness of vision transformers against adversarial attacks in medical imaging.","authors":"Elif Kanca, Selen Ayas, Elif Baykal Kablan, Murat Ekinci","doi":"10.1007/s11517-024-03226-5","DOIUrl":null,"url":null,"abstract":"<p><p>Deep neural networks (DNNs) have demonstrated exceptional performance in medical image analysis. However, recent studies have uncovered significant vulnerabilities in DNN models, particularly their susceptibility to adversarial attacks that manipulate these models into making inaccurate predictions. Vision Transformers (ViTs), despite their advanced capabilities in medical imaging tasks, have not been thoroughly evaluated for their robustness against such attacks in this domain. This study addresses this research gap by conducting an extensive analysis of various adversarial attacks on ViTs specifically within medical imaging contexts. We explore adversarial training as a potential defense mechanism and assess the resilience of ViT models against state-of-the-art adversarial attacks and defense strategies using publicly available benchmark medical image datasets. Our findings reveal that ViTs are vulnerable to adversarial attacks even with minimal perturbations, although adversarial training significantly enhances their robustness, achieving over 80% classification accuracy. Additionally, we perform a comparative analysis with state-of-the-art convolutional neural network models, highlighting the unique strengths and weaknesses of ViTs in handling adversarial threats. This research advances the understanding of ViTs robustness in medical imaging and provides insights into their practical deployment in real-world scenarios.</p>","PeriodicalId":49840,"journal":{"name":"Medical & Biological Engineering & Computing","volume":" ","pages":""},"PeriodicalIF":2.6000,"publicationDate":"2024-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Medical & Biological Engineering & Computing","FirstCategoryId":"5","ListUrlMain":"https://doi.org/10.1007/s11517-024-03226-5","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INTERDISCIPLINARY APPLICATIONS","Score":null,"Total":0}

引用次数: 0

Abstract

Deep neural networks (DNNs) have demonstrated exceptional performance in medical image analysis. However, recent studies have uncovered significant vulnerabilities in DNN models, particularly their susceptibility to adversarial attacks that manipulate these models into making inaccurate predictions. Vision Transformers (ViTs), despite their advanced capabilities in medical imaging tasks, have not been thoroughly evaluated for their robustness against such attacks in this domain. This study addresses this research gap by conducting an extensive analysis of various adversarial attacks on ViTs specifically within medical imaging contexts. We explore adversarial training as a potential defense mechanism and assess the resilience of ViT models against state-of-the-art adversarial attacks and defense strategies using publicly available benchmark medical image datasets. Our findings reveal that ViTs are vulnerable to adversarial attacks even with minimal perturbations, although adversarial training significantly enhances their robustness, achieving over 80% classification accuracy. Additionally, we perform a comparative analysis with state-of-the-art convolutional neural network models, highlighting the unique strengths and weaknesses of ViTs in handling adversarial threats. This research advances the understanding of ViTs robustness in medical imaging and provides insights into their practical deployment in real-world scenarios.

查看原文本刊更多论文

评估和增强视觉变换器在医学成像中对抗恶意攻击的鲁棒性。

深度神经网络（DNN）在医学图像分析中表现出卓越的性能。然而，最近的研究发现 DNN 模型存在重大漏洞，特别是容易受到对抗性攻击，这些攻击会操纵这些模型做出不准确的预测。尽管视觉变换器（ViTs）在医学成像任务中具有先进的功能，但尚未对其在该领域抵御此类攻击的鲁棒性进行全面评估。本研究针对这一研究空白，广泛分析了医疗成像背景下对视觉变换器的各种对抗性攻击。我们探讨了作为潜在防御机制的对抗性训练，并利用公开的基准医学图像数据集评估了 ViT 模型对最先进的对抗性攻击和防御策略的适应能力。我们的研究结果表明，尽管对抗性训练能显著增强 ViT 的鲁棒性，使其分类准确率达到 80% 以上，但即使是最小的扰动，ViT 也很容易受到对抗性攻击。此外，我们还与最先进的卷积神经网络模型进行了比较分析，突出了 ViT 在处理对抗性威胁方面的独特优势和弱点。这项研究加深了人们对 ViT 在医学成像中的鲁棒性的理解，并为 ViT 在现实世界中的实际应用提供了真知灼见。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Medical & Biological Engineering & Computing 医学-工程：生物医学

CiteScore

6.00

自引率

3.10%

发文量

249

审稿时长

3.5 months

期刊介绍： Founded in 1963, Medical & Biological Engineering & Computing (MBEC) continues to serve the biomedical engineering community, covering the entire spectrum of biomedical and clinical engineering. The journal presents exciting and vital experimental and theoretical developments in biomedical science and technology, and reports on advances in computer-based methodologies in these multidisciplinary subjects. The journal also incorporates new and evolving technologies including cellular engineering and molecular imaging. MBEC publishes original research articles as well as reviews and technical notes. Its Rapid Communications category focuses on material of immediate value to the readership, while the Controversies section provides a forum to exchange views on selected issues, stimulating a vigorous and informed debate in this exciting and high profile field. MBEC is an official journal of the International Federation of Medical and Biological Engineering (IFMBE).