Assessing Vulnerabilities of Deep Learning Explainability in Medical Image Analysis Under Adversarial Settings

Deep Learning (DL) is a valuable set of techniques that improve medical decision-making based on imaging exams, such as Chest X-rays (CXR), Computed Tomography (CT), and Optical Coherence Tomography (OCT). However, DL models may be susceptible to adversarial attacks when perturbed (tampered) examples sneak into the data, decreasing the model's confidence. In this paper, we evaluate the vulnerabilities of DL applied to medical images and analyze the effects of attacks on the Gradient-weighted Class Activation Mapping (GRAD-CAM). Our experiments were conducted on two scenarios: (i) CXR images with binary class; (ii) OCT images with multi-class. Vulnerabilities are described by Fooling Rate (FR) and visual analysis of Grad-CAM. We show that the PGD is the most malicious deed for multi-class, reaching an FR of up to 96%, whereas DeepFool is hurtful for binary classes, reaching an FR of up to 93%. Our analysis can be used to understand the adversarial attacks over medical images and their effects on explainability. The developed code is available at GitHub(1). (AU)