Accurate and adversarially robust classification of medical images and ECG time-series with gradient-free trained sign activation neural networks

Document Type

Conference Proceeding

Publication Date

12-16-2020

Abstract

Adversarial attacks on medical AI imaging systems can lead to misdiagnosis and insurance fraud, as recently highlighted by Finlayson et al. in Science (2019). They can also be carried out on widely used ECG time-series data, as shown by Han et al. in Nature Medicine (2020). At the heart of adversarial attacks are imperceptible distortions that are visually and statistically undetectable yet cause the machine learning model to misclassify data. Recent empirical studies have shown that a gradient-free trained sign activation neural network ensemble requires a larger distortion to be fooled than state-of-the-art models. In this study we apply this model to medical data as a potential means to detect and deter adversarial attacks. On chest X-ray and histopathology images and on two ECG datasets, we show that this model requires a greater distortion to be fooled than full-precision, binary, and convolutional neural networks and random forests. We also show that adversarial examples targeting the gradient-free sign networks are visually distinguishable from the original data and thus likely to be detected by human inspection. Because the sign-network distortions are higher, we expect that an automated method could be developed to detect and deter attacks in advance. Our work is a significant step towards safe and secure medical machine learning.
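As an illustration of the distortion measure the abstract refers to, the sketch below computes the L2 and L-infinity difference between a clean input and its adversarial counterpart; a model that needs a larger minimum distortion before its prediction flips is considered more robust. This is only a minimal sketch of the general idea; the array shapes, threshold, and variable names are assumptions for illustration and are not taken from the paper.

    import numpy as np

    def distortion(x_clean, x_adv):
        """Return (L2, Linf) distortion between a clean sample and its adversarial version."""
        diff = (x_adv - x_clean).ravel()
        return float(np.linalg.norm(diff, 2)), float(np.abs(diff).max())

    # Hypothetical usage with an image scaled to [0, 1]; in practice x_adv would
    # come from an attack on the model rather than random noise.
    x = np.random.rand(224, 224)                                      # placeholder clean image
    x_adv = np.clip(x + np.random.normal(0, 0.01, x.shape), 0.0, 1.0)  # placeholder perturbed image
    l2, linf = distortion(x, x_adv)
    print(f"L2 distortion = {l2:.3f}, Linf distortion = {linf:.3f}")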

Identifier

85100349696 (Scopus)

ISBN

9781728162157

Publication Title

Proceedings of the 2020 IEEE International Conference on Bioinformatics and Biomedicine (BIBM 2020)

External Full Text Location

https://doi.org/10.1109/BIBM49941.2020.9313442

First Page

2456

Last Page

2460
