[2602.21452] Adversarial Robustness of Deep Learning-Based Thyroid Nodule Segmentation in Ultrasound
Summary
This article evaluates the adversarial robustness of deep learning models for thyroid nodule segmentation in ultrasound images, highlighting the effectiveness of various defenses against specific adversarial attacks.
Why It Matters
Understanding the robustness of deep learning models in medical imaging is crucial for ensuring reliable clinical applications. This study provides insights into how adversarial attacks can affect segmentation accuracy and the potential defenses that can mitigate these effects, which is vital for improving patient outcomes in ultrasound diagnostics.
Key Takeaways
- Adversarial attacks significantly reduce the accuracy of thyroid nodule segmentation models.
- Spatial-domain perturbations can be partially mitigated using input preprocessing techniques.
- Frequency-domain perturbations present unique challenges that current defenses struggle to address.
- Deterministic denoising showed the most promise in recovering segmentation accuracy.
- Evaluating adversarial robustness is essential for the safe deployment of AI in clinical settings.
Computer Science > Computer Vision and Pattern Recognition
arXiv:2602.21452 (cs)
[Submitted on 25 Feb 2026]
Title: Adversarial Robustness of Deep Learning-Based Thyroid Nodule Segmentation in Ultrasound
Authors: Nicholas Dietrich, David McShannon
Abstract:
Introduction: Deep learning-based segmentation models are increasingly integrated into clinical imaging workflows, yet their robustness to adversarial perturbations remains incompletely characterized, particularly for ultrasound images. We evaluated adversarial attacks and inference-time defenses for thyroid nodule segmentation in B-mode ultrasound.
Methods: Two black-box adversarial attacks were developed: (1) Structured Speckle Amplification Attack (SSAA), which injects boundary-targeted noise, and (2) Frequency-Domain Ultrasound Attack (FDUA), which applies bandpass-filtered phase perturbations in the Fourier domain. Three inference-time mitigations were evaluated on adversarial images: randomized preprocessing with test-time augmentation, deterministic input denoising, and stochastic ensemble inference with consistency-aware aggregation. Experiments were conducted on a U-Net segmentation model trained on cine-clips from a database of 192 thyroid nodules.
Results: The baseline model achieved a mean Dice similarity coefficient (DSC) of...