Adversarial robustness study of convolutional neural network for lumbar disk shape reconstruction from MR images

Jiasong Chen, Linchen Qian, Timur Urakov, Weiyong Gu, Liang Liang

Research output: Chapter in Book/Report/Conference proceedingConference contribution


Machine learning technologies using deep neural networks (DNNs), especially convolutional neural networks (CNNs), have made automated, accurate, and fast medical image analysis a reality for many applications, and some DNN-based medical image analysis systems have even been FDA-cleared. Despite the progress, challenges remain to build DNNs as reliable as human expert doctors. It is known that DNN classifiers may not be robust to noises: by adding a small amount of noise to an input image, a DNN classifier may make a wrong classification of the noisy image (i.e., in-distribution adversarial sample), whereas it makes the right classification of the clean image. Another issue is caused by out-of-distribution samples that are not similar to any sample in the training set. Given such a sample as input, the output of a DNN will become meaningless. In this study, we investigated the in-distribution (IND) and out-of-distribution (OOD) adversarial robustness of a representative CNN for lumbar disk shape reconstruction from spine MR images. To study the relationship between dataset size and robustness to IND adversarial attacks, we used a data augmentation method to create training sets with different levels of shape variations. We utilized the PGD-based algorithm for IND adversarial attacks and extended it for OOD adversarial attacks to generate OOD adversarial samples for model testing. The results show that IND adversarial training can improve the CNN robustness to IND adversarial attacks, and larger training datasets may lead to higher IND robustness. However, it is still a challenge to defend against OOD adversarial attacks.

Original languageEnglish (US)
Title of host publicationMedical Imaging 2021
Subtitle of host publicationImage Processing
EditorsIvana Isgum, Bennett A. Landman
ISBN (Electronic)9781510640214
StatePublished - 2021
EventMedical Imaging 2021: Image Processing - Virtual, Online, United States
Duration: Feb 15 2021Feb 19 2021

Publication series

NameProgress in Biomedical Optics and Imaging - Proceedings of SPIE
ISSN (Print)1605-7422


ConferenceMedical Imaging 2021: Image Processing
Country/TerritoryUnited States
CityVirtual, Online


  • Adversarial robustness
  • Deep neural network
  • In-distribution
  • Lumbar disk image
  • Out-of-distribution

ASJC Scopus subject areas

  • Electronic, Optical and Magnetic Materials
  • Atomic and Molecular Physics, and Optics
  • Biomaterials
  • Radiology Nuclear Medicine and imaging


Dive into the research topics of 'Adversarial robustness study of convolutional neural network for lumbar disk shape reconstruction from MR images'. Together they form a unique fingerprint.

Cite this