Diabetic Retinopathy (DR) is a prevalent illness associated with Diabetes which, if left untreated, can result in irreversible blindness. Deep Learning based systems are gradually being introduced as automated support for clinical diagnosis. Since healthcare has always been an extremely important domain demanding error-free performance, any adversaries could pose a big threat to the applicability of such systems. In this work, we use Universal Adversarial Perturbations (UAPs) to quantify the vulnerability of Medical Deep Neural Networks (DNNs) for detecting DR. To the best of our knowledge, this is the very first attempt that works on attacking complete fine-grained classification of DR images using various UAPs. Also, as a part of this work, we use UAPs to fine-tune the trained models to defend against adversarial samples. We experiment on several models and observe that the performance of such models towards unseen adversarial attacks gets boosted on average by $3.41$ Cohen-kappa value and maximum by $31.92$ Cohen-kappa value. The performance degradation on normal data upon ensembling the fine-tuned models was found to be statistically insignificant using t-test, highlighting the benefits of UAP-based adversarial fine-tuning.

翻译：糖尿病视网膜病变（DR）是与糖尿病相关的常见疾病，若未及时治疗，可能导致不可逆的失明。基于深度学习（Deep Learning）的系统正逐步被引入作为临床诊断的自动化辅助手段。由于医疗领域始终要求零误差性能，任何对抗样本（adversaries）都可能对此类系统的适用性构成重大威胁。本文采用通用对抗扰动（Universal Adversarial Perturbations, UAPs）量化医学深度神经网络（DNNs）在检测DR时的脆弱性。据我们所知，这是首次尝试利用多种UAPs对DR图像的完整细粒度分类实施攻击。此外，作为本研究的一部分，我们利用UAPs对已训练模型进行微调（fine-tune）以防御对抗样本。我们在多个模型上进行实验，观察到这些模型面对未知对抗攻击的性能平均提升$3.41$ Cohen-kappa值，最高提升$31.92$ Cohen-kappa值。通过t检验发现，集成微调模型后正常数据上的性能下降在统计上不显著，这凸显了基于UAP的对抗微调的优势。