On the Feasibility of Fréchet Radiomic Distance–Constrained Adversarial Examples in Medical Imaging: Methods and Trade-offs

Mohamed Mahmoud; Shehab Khaled; Mohamed Elkhayat; Jamil Fayyad

On the Feasibility of Fréchet Radiomic Distance–Constrained Adversarial Examples in Medical Imaging: Methods and Trade-offs

Mohamed Mahmoud, Shehab Khaled, Mohamed Elkhayat, Jamil Fayyad

01 Dec 2025 (modified: 15 Dec 2025)MIDL 2026 Conference SubmissionEveryoneRevisionsBibTeXCC BY 4.0

Keywords: Deep Learning, Radiomics, Adversarial Robustness

TL;DR: Constraining adversarial perturbations to preserve radiomic fidelity (FRD) sharply limits their effectiveness, revealing an intrinsic robustness boundary in medical imaging AI.

Abstract: Adversarial attacks expose critical vulnerabilities in medical imaging AI models; yet, most existing methods violate the textural and structural characteristics that define authentic medical images by disregarding the clinical and radiomic plausibility of the generated perturbations. In this study, we present the first systematic investigation in the \emph{existence and feasibility} of adversarial examples constrained by the Fréchet Radiomic Distance (FRD) a quantitative measure of radiomic similarity capturing textural, structural, and statistical coherence between images. We formulate a gradient-free, multi objective optimization framework based on Multi Objective Particle Swarm Optimization (MOPSO) operating in the Discrete Cosine Transform (DCT) domain. This framework jointly minimizes FRD and maximizes adversarial deviation, allowing a principled exploration of the trade off between radiomic fidelity and adversarial strength without requiring gradient access. Empirical evidence across multiple medical imaging models demonstrates that enforcing strong FRD constraints (FRD $\leq$ 0.05) dramatically reduces adversarial feasibility. Perturbations preserving radiomic fidelity consistently fail to achieve meaningful adversarial deviation, suggesting that radiomic realism imposes an intrinsic feasibility boundary on adversarial generation. These findings establish radiomic consistency as a fundamental constraint on adversarial vulnerability, offering theoretical and empirical insight toward the development of inherently robust and trustworthy medical imaging AI. Our code is publicly available here.

Primary Subject Area: Safe and Trustworthy Learning-assisted Solutions for Medical Imaging

Secondary Subject Area: Application: Dermatology

Registration Requirement: Yes

Reproducibility: https://github.com/MohamedAlaaAli/frd-constrained-attack

Visa & Travel: Yes

Read CFP & Author Instructions: Yes

Originality Policy: Yes

Single-blind & Not Under Review Elsewhere: Yes

LLM Policy: Yes

Submission Number: 217

Loading