Secure and Robust Machine Learning for Healthcare: A Survey

Qayyum, Adnan; Qadir, Junaid; Bilal, Muhammad; Al-Fuqaha, Ala

doi:10.1109/rbme.2020.3013489

Cited by 382 publications

(189 citation statements)

References 148 publications

(154 reference statements)

Supporting

Mentioning

186

Contrasting

Unclassified

Order By: Relevance

“…Each defense method presented in the literature so far has been shown resilient to a particular attack which is realized in specific, settings and it fails to withstand for yet stronger and unseen attacks. Therefore, the development of adversarially robust ML/DL models remains an open research problem, while the literature suggests that worst-case robustness analysis should be performed while considering adversarial ML settings ( Qayyum et al, 2020a ; Qayyum et al, 2020b ; Ilahi et al, 2020 ). In addition, it has been argued in the literature that most of ML developers and security incident responders are unequipped with the required tools for securing industry-grade ML systems against adversarial ML attacks Kumar et al (2020) .…”

Section: Open Research Issuesmentioning

confidence: 99%

Securing Machine Learning in the Cloud: A Systematic Review of Cloud Machine Learning Security

et al. 2020

Self Cite

View full text Add to dashboard Cite

With the advances in machine learning (ML) and deep learning (DL) techniques, and the potency of cloud computing in offering services efficiently and cost-effectively, Machine Learning as a Service (MLaaS) cloud platforms have become popular. In addition, there is increasing adoption of third-party cloud services for outsourcing training of DL models, which requires substantial costly computational resources (e.g., high-performance graphics processing units (GPUs)). Such widespread usage of cloud-hosted ML/DL services opens a wide range of attack surfaces for adversaries to exploit the ML/DL system to achieve malicious goals. In this article, we conduct a systematic evaluation of literature of cloud-hosted ML/DL models along both the important dimensions—attacks and defenses—related to their security. Our systematic review identified a total of 31 related articles out of which 19 focused on attack, six focused on defense, and six focused on both attack and defense. Our evaluation reveals that there is an increasing interest from the research community on the perspective of attacking and defending different attacks on Machine Learning as a Service platforms. In addition, we identify the limitations and pitfalls of the analyzed articles and highlight open research issues that require further investigation.

show abstract

Section: Open Research Issuesmentioning

confidence: 99%

Securing Machine Learning in the Cloud: A Systematic Review of Cloud Machine Learning Security

et al. 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…Reproducing medical or clinical studies will be necessary to gain mainstream adoption of GAN produced SD and dispel the scepticism it is generally met with. The medical domain is known for its slow pace in adopting new technologies and predictive ML is still far from meeting its full implementation potential (Qayyum et al, 2020). Medical professionals care foremost about the well-being of their patients and will only consider results obtained from synthetic data if they have the assurance that they are valid (Rankin et al, 2020).…”

Section: Benchmarking a Prioritymentioning

confidence: 99%

Synthetic Observational Health Data with GANs: from slow adoption to a boom in medical research and ultimately digital twins?

Geogres-Filteau¹,

Cirillo

2020

Preprint

View full text Add to dashboard Cite

After being collected for patient care, Observational Health Data (OHD) can further benefit patient well-being by sustaining the development of health informatics and medical research. Vast potential is unexploited because of the fiercely private nature of patient-related data and regulations to protect it. Generative Adversarial Networks (GANs) have recently emerged as a groundbreaking way to learn generative models that produce realistic synthetic data. They have revolutionized practices in multiple domains such as self-driving cars, fraud detection, digital twin simulations in industrial sectors, and medical imaging. The digital twin concept could readily apply to modelling and quantifying disease progression. In addition, GANs posses many capabilities relevant to common problems in healthcare: lack of data, class imbalance, rare diseases, and preserving privacy. Unlocking open access to privacy-preserving OHD could be transformative for scientific research. In the midst of COVID-19, the healthcare system is facing unprecedented challenges, many of which of are data related for the reasons stated above. Considering these facts, publications concerning GAN applied to OHD seemed to be severely lacking. To uncover the reasons for this slow adoption, we broadly reviewed the published literature on the subject. Our findings show that the properties of OHD were initially challenging for the existing GAN algorithms (unlike medical imaging, for which state-of-the-art model were directly transferable) and the evaluation synthetic data lacked clear metrics. We find more publications on the subject than expected, starting slowly in 2017, and since then at an increasing rate. The difficulties of OHD remain, and we discuss issues relating to evaluation, consistency, benchmarking, data modelling, and reproducibility.

show abstract

“…In addition to attacks, errors could also stem from noise [10,11], improper annotation [12], bias [13][14][15] and more. The omission of certain data types and lack of insertion of enough variety of data to enable the production of reliable results are also considered as causing errors [16,17].…”

Section: Introductionmentioning

confidence: 99%

Sensitivity of neural networks to corruption of image classification

Kaplan

Handelman²,

Handelman

2021

AI Ethics

View full text Add to dashboard Cite

Artificial intelligence (AI) systems are extensively used today in many fields. In the field of medicine, AI-systems are especially used for the segmentation and classification of medical images. As reliance on such AI-systems increases, it is important to verify that these systems are dependable and not sensitive to bias or other types of errors that may severely affect users and patients. This work investigates the sensitivity of the performance of AI-systems to labeling errors. Such investigation is performed by simulating intentional mislabeling of training images according to different values of a new parameter called "mislabeling balance" and a "corruption" parameter, and then measuring the accuracy of the AI-systems for every value of these parameters. The issues investigated in this work include the amount (percentage) of errors from which a substantial adverse effect on the performance of the AI-systems can be observed, and how unreliable labeling can be done in the training stage. The goals of this work are to raise ethical concerns regarding the various types of errors that can possibly find their way into AI-systems, to demonstrate the effect of training errors, and to encourage development of techniques that can cope with the problem of errors, especially for AI-systems that perform sensitive medical-related tasks.

show abstract

Secure and Robust Machine Learning for Healthcare: A Survey

Cited by 382 publications

References 148 publications

Securing Machine Learning in the Cloud: A Systematic Review of Cloud Machine Learning Security

Securing Machine Learning in the Cloud: A Systematic Review of Cloud Machine Learning Security

Synthetic Observational Health Data with GANs: from slow adoption to a boom in medical research and ultimately digital twins?

Sensitivity of neural networks to corruption of image classification

Contact Info

Product

Resources

About