It is imperative to ensure the robustness of deep learning models in critical applications such as healthcare. While recent advances in deep learning have improved the performance of volumetric medical image segmentation models, these models cannot be deployed for real-world applications immediately due to their vulnerability to adversarial attacks. We present a 3D frequency domain adversarial attack for volumetric medical image segmentation models and demonstrate its advantages over conventional input or voxel domain attacks. Using our proposed attack, we introduce a novel frequency domain adversarial training approach for optimizing a robust model against voxel and frequency domain attacks. Moreover, we propose a frequency consistency loss to regulate our frequency domain adversarial training, which achieves a better tradeoff between the model's performance on clean and adversarial samples. Code is publicly available at https://github.com/asif-hanif/vafa.