Elevating adversarial robustness by contrastive multitasking defence in medical image segmentation

Abstract

Although Deep Learning (DL)-based Medical Image Segmentation (MIS) models are critically important, adversarial attacks substantially diminish their efficacy. Such attacks subtly perturb inputs, causing the model to produce inaccurate predictions. This problem is more prevalent in medical images, as their intricate textures can mislead the model to focus on irrelevant regions, undermining performance and robustness. Thus, defending against adversarial attacks is crucial for a robust DL-based MIS model. While existing defences have proven effective in non-medical domains, their impact in medical domains remains limited. To bridge this gap, we propose a novel defence, CEASE (ContrastivE MultitASking DEfence), to significantly enhance the adversarial resilience of MIS models, delivering notable performance gain. CEASE exhibits contrastive learning, multitask learning, and their consolidation-based defence. Initially, we investigate the importance of contrastive learning in a DL-based MIS model. It leverages the observation that learning similar features for clean, adversarial, and augmented samples during training significantly enhances adversarial robustness. Subsequently, our proposed multitask learning-based defence provides generic feature representation and selects auxiliary tasks based on their weak relevance to the main task, improving model robustness. Eventually, we leverage the advantages of contrastive and multitask learning to propose their fusion-based defence. It employs contrastive learning specifically for MIS tasks and follows the proposed multitask model architecture. Experiments on publicly available datasets across several state-of-the-art MIS models reveal that CEASE surpasses the well-known defences by mitigating the efficacy of adversarial attacks up to 0% attack success rate on maximum average distortion with modest performance advancement.