MedAttacker: Exploring Black-Box Adversarial Attacks on Risk Prediction Models in Healthcare

Muchao Ye; Junyu Luo; Guanjie Zheng; Cao Xiao; Houping Xiao; Ting Wang; Fenglong Ma

doi:10.1109/BIBM55620.2022.9994898

Back

Conference proceeding

MedAttacker: Exploring Black-Box Adversarial Attacks on Risk Prediction Models in Healthcare

Muchao Ye, Junyu Luo, Guanjie Zheng, Cao Xiao, Houping Xiao, Ting Wang and Fenglong Ma

2022 IEEE International Conference on Bioinformatics and Biomedicine (BIBM), pp.1777-1780

12/06/2022

DOI: 10.1109/BIBM55620.2022.9994898

View Online

Abstract

Researchers have conduct adversarial attacks against deep neural networks (DNNs) for health risk prediction in the white/gray-box setting to evaluate their robustness. However, since most real-world solutions are trained by private data and released as black-box services on the cloud, we should investigate their robustness in the black-box setting. Unfortunately, existing work ignores to consider the uniqueness of electronic health records (EHRs). To fill this gap, we propose the first black-box adversarial attack method against health risk prediction models named MedAttacker to investigate their vulnerability. It addresses the challenges brought by EHRs via two steps: hierarchical position selection which selects the attacked positions in a reinforcement learning (RL) framework and substitute selection which identifies substitutes with a score-based principle. Particularly, by considering the temporal context inside EHRs, MedAttacker initializes its RL position selection policy by using the contribution score of each visit and the saliency score of each code, which can be well integrated with the deterministic substitute selection process decided by the score changes. We evaluate MedAttacker by attacking three advanced risk prediction models in the black-box setting across multiple real-world datasets, and MedAttacker consistently achieves the highest average success rate and even outperforms a recent white-box EHR adversarial attack technique in certain cases.

Electronic equipment

Flight recording

Medical services

Neural networks

Predictive models

Reinforcement learning

Stochastic processes

Details

Title: Subtitle: MedAttacker: Exploring Black-Box Adversarial Attacks on Risk Prediction Models in Healthcare
Creators: Muchao Ye - Pennsylvania State University
Junyu Luo - Pennsylvania State University
Guanjie Zheng - Shanghai Jiao Tong University
Cao Xiao - Relativity,USA
Houping Xiao - Georgia State University
Ting Wang - Pennsylvania State University
Fenglong Ma - Pennsylvania State University
Resource Type: Conference proceeding
Publication Details: 2022 IEEE International Conference on Bioinformatics and Biomedicine (BIBM), pp.1777-1780
Publisher: IEEE
DOI: 10.1109/BIBM55620.2022.9994898
Grant note: National Science Foundation (10.13039/100000001)
Language: English
Date published: 12/06/2022
Academic Unit: Computer Science
Record Identifier: 9984696574802771

Metrics

1 Record Views