
Gradient-based enhancement attacks in biomedical machine learning

Bibliographic Details
Main Authors: Rosenblatt, Matthew, Dadashkarimi, Javid, Scheinost, Dustin
Format: Online Article Text
Language: English
Published: Cornell University 2023
Subjects:
Online Access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9882585/
https://www.ncbi.nlm.nih.gov/pubmed/36713237
_version_ 1784879322117439488
author Rosenblatt, Matthew
Dadashkarimi, Javid
Scheinost, Dustin
author_facet Rosenblatt, Matthew
Dadashkarimi, Javid
Scheinost, Dustin
author_sort Rosenblatt, Matthew
collection PubMed
description The prevalence of machine learning in biomedical research is rapidly growing, yet the trustworthiness of such research is often overlooked. While some previous works have investigated the ability of adversarial attacks to degrade model performance in medical imaging, the ability to falsely improve performance via recently-developed “enhancement attacks” may be a greater threat to biomedical machine learning. In the spirit of developing attacks to better understand trustworthiness, we developed two techniques to drastically enhance prediction performance of classifiers with minimal changes to features: 1) general enhancement of prediction performance, and 2) enhancement of a particular method over another. Our enhancement framework falsely improved classifiers’ accuracy from 50% to almost 100% while maintaining high feature similarities between original and enhanced data (Pearson’s r’s > 0.99). Similarly, the method-specific enhancement framework was effective in falsely improving the performance of one method over another. For example, a simple neural network outperformed logistic regression by 17% on our enhanced dataset, although no performance differences were present in the original dataset. Crucially, the original and enhanced data were still similar (r = 0.99). Our results demonstrate the feasibility of minor data manipulations to achieve any desired prediction performance, which presents an interesting ethical challenge for the future of biomedical machine learning. These findings emphasize the need for more robust data provenance tracking and other precautionary measures to ensure the integrity of biomedical machine learning research. Code is available at https://github.com/mattrosenblatt7/enhancement_EPIMI.
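
The description above outlines the attack only at a high level. As a rough illustration (this is not the authors' implementation; their code is at https://github.com/mattrosenblatt7/enhancement_EPIMI), the following minimal Python sketch shows the core idea of a gradient-based enhancement attack: repeatedly nudging each sample a small step down the gradient of a classifier's loss with respect to its input features, so that label structure is injected into otherwise uninformative data. The step size eps, the iteration count, and the synthetic noise dataset are all illustrative assumptions.

# Minimal sketch of a gradient-based enhancement attack (illustrative only;
# not the authors' code -- see https://github.com/mattrosenblatt7/enhancement_EPIMI).
import numpy as np
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import cross_val_score

rng = np.random.default_rng(0)
n, p = 200, 500
X = rng.normal(size=(n, p))         # pure-noise features
y = rng.integers(0, 2, size=n)      # random binary labels -> ~50% baseline accuracy

def sigmoid(z):
    return 1.0 / (1.0 + np.exp(-z))

X_enh = X.copy()
eps = 0.05                          # per-step perturbation size (assumed value)
for _ in range(50):                 # iteration count is also an assumption
    clf = LogisticRegression(max_iter=1000).fit(X_enh, y)
    w, b = clf.coef_.ravel(), clf.intercept_[0]
    # Gradient of the logistic loss w.r.t. the inputs: dL/dx = (sigma(w.x + b) - y) * w
    grad = (sigmoid(X_enh @ w + b) - y)[:, None] * w[None, :]
    # Step each sample down its own loss gradient (normalized to length eps),
    # pulling it toward the correct side of the decision boundary.
    X_enh -= eps * grad / (np.linalg.norm(grad, axis=1, keepdims=True) + 1e-12)

model = LogisticRegression(max_iter=1000)
print("original CV accuracy:", cross_val_score(model, X, y, cv=5).mean())
print("enhanced CV accuracy:", cross_val_score(model, X_enh, y, cv=5).mean())
print("feature similarity r:", np.corrcoef(X.ravel(), X_enh.ravel())[0, 1])

Because the per-sample perturbations are small relative to the feature norms, the enhanced data remain highly correlated with the original (r near 0.99 in this sketch) even as cross-validated accuracy climbs from chance toward 100%, mirroring the effect the abstract describes.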
format Online
Article
Text
id pubmed-9882585
institution National Center for Biotechnology Information
language English
publishDate 2023
publisher Cornell University
record_format MEDLINE/PubMed
spelling pubmed-9882585 2023-01-28 Gradient-based enhancement attacks in biomedical machine learning Rosenblatt, Matthew Dadashkarimi, Javid Scheinost, Dustin ArXiv Article The prevalence of machine learning in biomedical research is rapidly growing, yet the trustworthiness of such research is often overlooked. While some previous works have investigated the ability of adversarial attacks to degrade model performance in medical imaging, the ability to falsely improve performance via recently-developed “enhancement attacks” may be a greater threat to biomedical machine learning. In the spirit of developing attacks to better understand trustworthiness, we developed two techniques to drastically enhance prediction performance of classifiers with minimal changes to features: 1) general enhancement of prediction performance, and 2) enhancement of a particular method over another. Our enhancement framework falsely improved classifiers’ accuracy from 50% to almost 100% while maintaining high feature similarities between original and enhanced data (Pearson’s r’s > 0.99). Similarly, the method-specific enhancement framework was effective in falsely improving the performance of one method over another. For example, a simple neural network outperformed logistic regression by 17% on our enhanced dataset, although no performance differences were present in the original dataset. Crucially, the original and enhanced data were still similar (r = 0.99). Our results demonstrate the feasibility of minor data manipulations to achieve any desired prediction performance, which presents an interesting ethical challenge for the future of biomedical machine learning. These findings emphasize the need for more robust data provenance tracking and other precautionary measures to ensure the integrity of biomedical machine learning research. Code is available at https://github.com/mattrosenblatt7/enhancement_EPIMI. Cornell University 2023-08-16 /pmc/articles/PMC9882585/ /pubmed/36713237 Text en https://creativecommons.org/licenses/by/4.0/ This work is licensed under a Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/), which allows reusers to distribute, remix, adapt, and build upon the material in any medium or format, so long as attribution is given to the creator. The license allows for commercial use.
spellingShingle Article
Rosenblatt, Matthew
Dadashkarimi, Javid
Scheinost, Dustin
Gradient-based enhancement attacks in biomedical machine learning
title Gradient-based enhancement attacks in biomedical machine learning
title_full Gradient-based enhancement attacks in biomedical machine learning
title_fullStr Gradient-based enhancement attacks in biomedical machine learning
title_full_unstemmed Gradient-based enhancement attacks in biomedical machine learning
title_short Gradient-based enhancement attacks in biomedical machine learning
title_sort gradient-based enhancement attacks in biomedical machine learning
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9882585/
https://www.ncbi.nlm.nih.gov/pubmed/36713237
work_keys_str_mv AT rosenblattmatthew gradientbasedenhancementattacksinbiomedicalmachinelearning
AT dadashkarimijavid gradientbasedenhancementattacksinbiomedicalmachinelearning
AT scheinostdustin gradientbasedenhancementattacksinbiomedicalmachinelearning