Deep neural networks are discovered to be non-robust when attacked by imperceptible adversarial examples, which is dangerous for it applied into medical diagnostic system that requires high reliability. However, the defense methods that have good effect in natural images may not be suitable for medical diagnostic tasks. The preprocessing methods (e.g., random resizing, compression) may lead to the loss of the small lesions feature in the medical image. Retraining the network on the augmented data set is also not practical for medical models that have already been deployed online. Accordingly, it is necessary to design an easy-to-deploy and effective defense framework for medical diagnostic tasks. In this paper, we propose a Robust and Retrain-Less Diagnostic Framework for Medical pretrained models against adversarial attack (i.e., MedRDF). It acts on the inference time of the pertained medical model. Specifically, for each test image, MedRDF firstly creates a large number of noisy copies of it, and obtains the output labels of these copies from the pretrained medical diagnostic model. Then, based on the labels of these copies, MedRDF outputs the final robust diagnostic result by majority voting. In addition to the diagnostic result, MedRDF produces the Robust Metric (RM) as the confidence of the result. Therefore, it is convenient and reliable to utilize MedRDF to convert pre-trained non-robust diagnostic models into robust ones. The experimental results on COVID-19 and DermaMNIST datasets verify the effectiveness of our MedRDF in improving the robustness of medical diagnostic models.

翻译：深心神经网络在被无法察觉的对抗性例子攻击时被发现不为强力神经网络,这对其应用于医疗诊断系统十分危险,需要高度可靠。然而,在自然图像中具有良好影响的防御方法可能不适合医疗诊断任务。预处理方法(如随机调整、压缩)可能导致医疗图像中小损伤特征的丧失。在扩大的数据集上对网络进行再培训对已经在线部署的医疗模型来说也不实用。因此,有必要设计一个容易配置和有效的医疗诊断任务防御框架。在本文中,我们提议对抗争攻击(即MedRDF)有良好影响的医学预培训模型采用机械和抗争诊断框架。预处理方法可能会导致医疗模型的衰减。具体地说,对于每张测试图像,MedRDF首次制作了大量的杂音拷贝副本,并且从经过预先测试的医疗诊断模型中获取这些副本的输出标签。然后,根据对医学预诊断模型的标签,MDRFFDF的多数分析结果,将M结果转换为MDFF的稳性诊断结果。