MedFedPure: A Medical Federated Framework with MAE-based Detection and Diffusion Purification for Inference-Time Attacks
Researchers present MedFedPure, a federated learning defense framework that protects medical AI models from adversarial attacks at inference time while preserving patient privacy. The system combines personalized federated learning, masked autoencoders for attack detection, and diffusion-based purification, achieving 87.33% robustness against strong attacks while maintaining 97.67% clean accuracy on brain MRI datasets.
MedFedPure addresses a critical vulnerability in medical AI systems deployed across distributed healthcare networks. As hospitals increasingly adopt federated learning to train diagnostic models while protecting patient privacy, these systems remain exposed to inference-time adversarial attacks—subtle manipulations of medical scans imperceptible to human radiologists but capable of causing catastrophic misclassifications. The framework's three-layer approach represents a meaningful advance in securing decentralized medical AI: personalization accounts for institutional data diversity, masked autoencoders detect perturbations by leveraging reconstruction errors, and adaptive diffusion purification selectively cleans flagged images without degrading legitimate scans.
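The detect-then-purify gate described above can be illustrated with a small self-contained model. The following is an added example, not code from the MedFedPure authors: a PCA-based linear autoencoder stands in for the masked autoencoder, projection back onto the learned clean subspace stands in for diffusion purification, and the "scans" are constructed synthetic vectors. The threshold is calibrated on clean local data, flagged images are purified, and unflagged images pass through untouched, which is the selectivity the framework relies on to avoid degrading legitimate scans.

```python
import numpy as np

D = 64   # pixels per toy "scan" (8x8, flattened)
K = 6    # dimensionality of the clean-data subspace the autoencoder learns


def make_clean(rng, basis, n, sensor_noise=0.02):
    """Constructed clean scans: low-dimensional structure plus small sensor noise."""
    codes = rng.standard_normal((n, K))
    return codes @ basis.T + sensor_noise * rng.standard_normal((n, D))


def perturb(rng, x, eps=0.3):
    """Stand-in for an inference-time perturbation: dense noise that leaves the clean subspace."""
    return x + eps * rng.standard_normal(x.shape)


def fit_reconstructor(x_train):
    """Linear autoencoder stand-in (PCA): keep the top-K principal components of clean data."""
    mean = x_train.mean(axis=0)
    _, _, vt = np.linalg.svd(x_train - mean, full_matrices=False)
    return mean, vt[:K].T          # components: D x K


def reconstruct(model, x):
    mean, comps = model
    return (x - mean) @ comps @ comps.T + mean


def recon_error(model, x):
    """Per-image reconstruction error; large values indicate off-distribution content."""
    return np.linalg.norm(x - reconstruct(model, x), axis=1)


def calibrate_threshold(model, x_calib, quantile=0.99):
    """Set the detection threshold from clean local data so about 1% of clean scans are flagged."""
    return float(np.quantile(recon_error(model, x_calib), quantile))


def detect_and_purify(model, threshold, x):
    """Flag scans whose error exceeds the threshold and purify only those; pass the rest untouched."""
    err = recon_error(model, x)
    flagged = err > threshold
    out = x.copy()
    # Purification stand-in: project flagged scans back onto the learned clean subspace.
    out[flagged] = reconstruct(model, x[flagged])
    return out, flagged, err


def run_demo(seed=0):
    """Fit on clean data, calibrate, then score a held-out clean batch and its perturbed copy."""
    rng = np.random.default_rng(seed)
    basis = np.linalg.qr(rng.standard_normal((D, K)))[0]      # constructed clean-data basis
    model = fit_reconstructor(make_clean(rng, basis, 500))
    threshold = calibrate_threshold(model, make_clean(rng, basis, 500))

    clean = make_clean(rng, basis, 200)
    adv = perturb(rng, clean)
    out_clean, flag_clean, _ = detect_and_purify(model, threshold, clean)
    out_adv, flag_adv, _ = detect_and_purify(model, threshold, adv)

    return {
        "false_positive_rate": float(flag_clean.mean()),
        "detection_rate": float(flag_adv.mean()),
        "clean_untouched": bool(np.array_equal(out_clean[~flag_clean], clean[~flag_clean])),
        "dist_before_purify": float(np.linalg.norm(adv - clean, axis=1).mean()),
        "dist_after_purify": float(np.linalg.norm(out_adv - clean, axis=1).mean()),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The design point worth noting is that the threshold is learned from each site's own clean data, so the detector adapts to local distribution shift without sharing images, and purification cost is only paid on the small fraction of scans that are flagged.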
This work responds to a growing tension in healthcare technology. Traditional centralized defenses assume data concentration and homogeneity, assumptions incompatible with privacy-preserving federated architectures. The research landscape has increasingly recognized that decentralized medical systems require fundamentally different security paradigms. MedFedPure's local, real-time operation makes it practically deployable in clinical workflows without introducing latency burdens that could impede diagnosis.
For healthcare organizations and AI developers, the framework demonstrates that robustness and privacy need not be mutually exclusive. The dramatic improvement from 49.50% to 87.33% adversarial robustness suggests substantial risk reduction for deployed systems. Healthcare providers face mounting pressure to adopt AI-driven diagnosis while satisfying regulatory requirements around data protection and model reliability. Vendors offering privacy-preserving, attack-resistant solutions will gain competitive advantages as clinical adoption accelerates.
The evaluation on a single brain MRI dataset leaves questions about generalization to other imaging modalities and attack types. Broader validation across multiple cancer detection tasks and more sophisticated attack vectors would strengthen clinical confidence and regulatory acceptance.
- MedFedPure combines personalized federated learning with masked autoencoders and diffusion-based purification to defend medical AI from inference-time attacks.
- The framework achieves 87.33% robustness against strong adversarial attacks while maintaining 97.67% clean accuracy on brain MRI classification.
- Local, real-time operation enables practical deployment in clinical workflows without compromising patient privacy or diagnostic speed.
- Personalization to institutional data distributions addresses a key limitation of centralized defenses in decentralized healthcare settings.
- Results suggest privacy-preserving AI systems can achieve both regulatory compliance and adversarial robustness simultaneously.