Medical image classification plays a vital role in computer vision applications within the field of healthcare and medicine, and deep neural network-based classifiers are continuously achieving new breakthroughs and demonstrating tremendous potential in medical imaging analysis. However, the lack of robustness in deep learning techniques makes it risky to apply these classifiers to the domain of healthcare. In addition, the existing adversarial training strategies and domain generation methods are difficult to generalize into the medical imaging field challenged by complex medical texture features. To address this issue, we propose a medical morphological knowledge-guided adversarial training strategy, by jointly considering the robustness against medical data distribution shifts and adversarial attacks from the view of distributionally robust optimization. First, we train a surrogate model with the augmented dataset by guided filtering for capturing model attention on medical morphological information. Next, we design a gradient normalization-based prior knowledge injection module to transfer the attention information learned by surrogate model to the main classifier. Finally, we design a distributionally robust a optimization-based training strategy to induce the main classifier to learn key diagnostic clues as well as enhance the robustness against adversarial attacks. To evaluate the effectiveness of the proposed methods, we perform experiments on two types of in-domain and out-of-domain medical image sets, which contain lung CT scan datasets and dermatoscopic image datasets. Comparative results show that the proposed training strategy achieves higher adversarial attack accuracy than all involved state-of-the-art adversarial training methods and domain generation methods. The code is available at https://github.com/sysu19351146/MMK-DRO.
Read full abstract