AI Shields Medical Scans from Data Attacks

Medical image segmentation, crucial for tasks like tumor detection and treatment planning, has seen significant improvements with deep learning, but these models are vulnerable to adversarial attacks where small, malicious perturbations in input data can cause major errors. This vulnerability poses risks to data integrity and reliability in critical medical applications. A new approach called Layer-wise Noise-Guided Selective Wavelet Reconstruction (LNG-SWR) addresses this by enhancing robustness without sacrificing clean accuracy, offering a scalable solution for clinical deployment.

The researchers found that LNG-SWR consistently improves segmentation performance under both clean and attacked conditions across multiple datasets. On CT and ultrasound datasets, including LIDC-IDRI for lung nodules and TN-SCUI for thyroid nodules, LNG-SWR achieved clean Dice scores of 87.3% and 89.1% respectively, with small but steady gains over baseline models. Under adversarial attacks like PGD-L∞ and SSAH, it significantly reduced performance drops, for example, achieving a Dice score of 69.5% under L∞ attacks on LIDC-IDRI compared to 53.4% for the best baseline. also showed additive gains when combined with adversarial training, improving robustness further without compromising clean accuracy.

Ology involves a dual-domain framework with three core components. First, during training, layer-wise noise injection units add small, zero-mean Gaussian noise at multiple network layers to learn a frequency-bias prior that steers features away from noise-sensitive directions. Second, a prior-guided selective wavelet reconstruction module applies a 2D Haar wavelet transform to decompose input or features into low-frequency and directional high-frequency bands, preserving low-frequency content, suppressing diagonal high-frequency components, and re-weighting horizontal and vertical bands before inverse reconstruction. Third, a lightweight dynamic multi-scale fusion block aggregates anisotropic context with strip convolutions. This design is backbone-agnostic, adding low inference overhead, and operates on a train-time guidance, test-time execution paradigm.

Analysis of , as shown in figures from the paper, reveals key insights. Figure 1 illustrates training dynamics, showing that adversarial training can alter frequency allocation, but LNG-SWR stabilizes this. In ablation studies, suppressing the diagonal high-frequency band (HH) while preserving low-frequency (LL) and re-weighting directional bands (LH/HL) yielded the best Dice score of 87.3%, indicating HH is the most noise-sensitive component. Figure 6 demonstrates that without LNG-SWR, adversarial attacks cause boundary breakage and amplified high-frequency noise, while with it, edge continuity is maintained and artifacts are suppressed. Additionally, Figure 8 shows that a noise scale of σ=0.03 provides an optimal trade-off, improving robustness without harming clean accuracy.

Of this research are significant for real-world medical imaging, where data security and model reliability are paramount. By improving robustness to adversarial attacks, LNG-SWR can help protect against data manipulation in clinical settings, ensuring more trustworthy AI-assisted diagnostics. Its lightweight, plug-and-play nature makes it engineering-friendly, potentially easing integration into existing systems without heavy computational costs. This could support broader adoption of AI in healthcare, enhancing patient care through more resilient segmentation tools.

However, the study has limitations. The experiments are primarily on 2D medical images from CT and ultrasound datasets; future work needs to extend to 3D volumes and multi-modal inputs to assess generalizability. relies on fixed wavelet transforms, which may not adapt optimally to all image types, and while it shows gains with adversarial training, further exploration of certified robustness and domain generalization is required. Additionally, the paper notes that the approach may have reduced effectiveness in extremely low-contrast scenarios or with severe class imbalances, areas needing more investigation.